Bugtraq mailing list archives
Re: Read only devices (Re: BoS: amodload.tar.gz - ...)
From: S.Vickery () its gu edu au (Sean Vickery)
Date: Fri, 21 Jun 1996 11:57:16 +1000
On 20 June 1996, Patrick Ferguson wrote:
Instead of the hassle of dealing with that, properly configure your filesystems. Since you can mount a filesystem at any point in the tree, why not just spend some extra time and diagram out which directories will be write accessed the least and mount them read-only. Even superuser privs can't violate ro mounting. [...]
Mounting filesystems containing system binaries read-only does not sound as safe as turning on the hardware write-protect on the disks containing those filesystems. Why? If an attacker can alter your system binaries, s/he must have root privileges. Which means s/he can also unmount the filesystems and remount them read-write. But to change the disk back to read-write cannot be done over the network. It requires physical access to the disk(s). Sean. -- Sean Vickery <S.Vickery () its gu edu au> Ph: +61 (0)7 3875 6410 Systems Programmer Information Services Griffith University
Current thread:
- Read only devices (Re: BoS: amodload.tar.gz - ...) William McVey (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Patrick Ferguson (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Sean Vickery (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Matt Zimmerman (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Sean Vickery (Jun 20)
- <Possible follow-ups>
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Scott J. Kramer (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Brian Tao (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Don Lewis (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Matt Zimmerman (Jun 21)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Christopher Samuel (Jun 21)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Chris A. Petro (Jun 22)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) R.Arnold / Arny (Jun 24)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Patrick Ferguson (Jun 20)