Bugtraq mailing list archives
Re: Inherited & RO Filesystems
From: blymn () awadi com au (Brett Lymn)
Date: Tue, 25 Jun 1996 13:25:22 +0930
According to der Mouse:
You don't need that; all you need is to drop the stuff somewhere local and then NFS-mount localhost:/some/where/writable on /where/you/want.
Hmmmm you mean you are willing to keep the NFS stuff in the kernel on a firewall machine? Personally, I trashed that along with every other option in the kernel - only putting back the ones that made the sucker work. If the kernel won't support NFS they won't be able to implement the trick. I suppose they could to the same with a local file system but that would be a bit trickier to do without being noticed ;-)
But of course neither one will stay in place upon reboot, and as an admin, I'd much prefer a system that needed just a reboot to clean it of intruder damage than one that had to be reinstalled off backups.
Amen, brother.
With BSD, you have the additional benefit that the mount list is kept in the kernel, so to hide your mount you have to trojan mount as well as whatever else - one more thing for the attacker to get wrong....
IMHO the harder you make the cracking activity, the more likely it is they will make a mistake. Besides it certainly will weed out the script jockeys that fancy themselves as crackers.... -- Brett Lymn, Computer Systems Administrator, AWA Defence Industries =============================================================================== "Upgrading your memory gives you MORE RAM!" - ad in MacWAREHOUSE catalogue.
Current thread:
- Re: Inherited & RO Filesystems Brett Lymn (Jun 23)
- <Possible follow-ups>
- Re: Inherited & RO Filesystems der Mouse (Jun 24)
- Re: Inherited & RO Filesystems Brett Lymn (Jun 24)