Bugtraq mailing list archives

Re: Read only devices (Re: BoS: amodload.tar.gz - ...)


From: S.Vickery () its gu edu au (Sean Vickery)
Date: Fri, 21 Jun 1996 11:57:16 +1000


On 20 June 1996, Patrick Ferguson wrote:
> Instead of the hassle of dealing with that, properly configure your
> filesystems.  Since you can mount a filesystem at any point in the tree,
> why not just spend some extra time and diagram out which directories will
> be write accessed the least and mount them read-only.  Even superuser privs
> can't violate ro mounting.
> [...]

Mounting filesystems containing system binaries read-only does not
sound as safe as turning on the hardware write-protect on the disks
containing those filesystems.

Why? If an attacker can alter your system binaries, s/he must have root
privileges.  Which means s/he can also unmount the filesystems and
remount them read-write.  But changing the disk back to read-write
cannot be done over the network.  It requires physical access to the
disk(s).

Sean.
--
Sean Vickery <S.Vickery () its gu edu au>   Ph: +61 (0)7 3875 6410
Systems Programmer   Information Services   Griffith University
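
Added example, not part of the original post: a check that reports mount points a site expects to be read-only but which are currently mounted read-write, which is the state a root-level remount leaves behind. It assumes a mount table in Linux /proc/mounts format; the function name, device names and sample table are constructed for illustration.

```shell
#!/bin/sh
# Assumption: TABLE uses the /proc/mounts layout:
#   device mountpoint fstype options dump pass

# ro_drift TABLE MOUNTPOINT...
# Prints "rw <mp>" for a mount point that is mounted without the ro option,
# and "missing <mp>" for one that has no entry in the table at all.
# Returns 0 only when every listed mount point is mounted ro.
ro_drift() {
    table=$1; shift
    rc=0
    for mp in "$@"; do
        # The last matching entry wins: a later mount shadows earlier ones.
        opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
        case ",$opts," in
            ,,)     echo "missing $mp"; rc=1 ;;
            *,ro,*) ;;                      # ro is present as a whole option
            *)      echo "rw $mp"; rc=1 ;;  # includes "errors=remount-ro"
        esac
    done
    return $rc
}

# Constructed sample: /usr is expected ro but is currently mounted rw.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /usr ext4 rw,relatime 0 0
/dev/sda3 /opt ext4 ro,nosuid 0 0
EOF

ro_drift "$sample" /usr /opt /boot || true
rm -f "$sample"
```

The check reads state that the same root account controls, so it reports a remount after the fact rather than preventing one.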


