Bugtraq mailing list archives

Re: Inherited & RO Filesystems


From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Mon, 24 Jun 1996 08:01:54 -0400


> As an aside, an intruder could use an inherited filesystem (if
> supported by the OS) to get around not being able to install
> backdoors and trojans on RO media.

You don't need that; all you need is to drop the stuff somewhere local
and then NFS-mount localhost:/some/where/writable on /where/you/want.
But of course neither one will stay in place upon reboot, and as an
admin, I'd much prefer a system that needed just a reboot to clean it
of intruder damage than one that had to be reinstalled off backups.

With BSD, you have the additional benefit that the mount list is kept
in the kernel, so to hide your mount you have to trojan mount as well
as whatever else - one more thing for the attacker to get wrong....

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu
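
An added example, not part of the original post: a Python audit of BSD-style `mount` output that flags an NFS mount sourced from the local host, as described above, along with any mount missing from an expected baseline. The sample output, the baseline, and every device, host and path name in it are constructed, and the `source on mountpoint (options)` line layout is an assumption about the system being audited.

```python
import re

# Constructed sample of BSD-style `mount` output: "source on mountpoint (options)".
SAMPLE_MOUNT_OUTPUT = """\
/dev/sd0a on / (local, read-only)
/dev/sd0g on /usr (local, read-only)
/dev/sd0e on /var (local)
fileserver:/export/home on /home (nfs)
localhost:/var/tmp/.x on /usr/bin (nfs)
"""
# Constructed baseline: the (source, mountpoint) pairs the admin expects.
EXPECTED = {("/dev/sd0a", "/"), ("/dev/sd0g", "/usr"),
            ("/dev/sd0e", "/var"), ("fileserver:/export/home", "/home")}

LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}
LINE_RE = re.compile(r"^(\S+) on (\S+) \(([^)]*)\)$")

def parse_mounts(text):
    """Return (source, mountpoint, options) tuples in the order listed."""
    mounts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            mounts.append((m.group(1), m.group(2),
                           [o.strip() for o in m.group(3).split(",")]))
    return mounts

def shadowed_ro_parent(mnt, earlier):
    """Deepest earlier read-only mount whose tree contains mnt, or None."""
    best = None
    for _, parent, opts in earlier:
        prefix = parent.rstrip("/") + "/"
        if "read-only" in opts and (mnt == parent or mnt.startswith(prefix)):
            if best is None or len(parent) > len(best):
                best = parent
    return best

def audit(text, expected):
    """Flag mounts that are off-baseline or NFS-mounted from the local host."""
    findings, mounts = [], parse_mounts(text)
    for i, (src, mnt, _) in enumerate(mounts):
        host, sep, _path = src.partition(":")
        loopback = bool(sep) and host.lower() in LOOPBACK_HOSTS
        if loopback or (src, mnt) not in expected:
            findings.append({"source": src, "mountpoint": mnt,
                             "loopback_nfs": loopback,
                             "covers_read_only": shadowed_ro_parent(mnt, mounts[:i])})
    return findings
```

The result is only as trustworthy as the `mount` binary that produced the input, so feed it output from a copy run off known-good media.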