Firewall Wizards mailing list archives
Re: Linux Firewall on CD
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 11 Jul 2003 22:11:24 -0400
Paul Robertson wrote:
Usually, CD bootable systems use a RAM disk, so an attacker can easily keep things in memory, and the only thing you really gain is disinfection with a reboot. However, you're still vulnerable to the original attack, so the gain from running off a CD is pretty negligible from a security perspective.
Depends on how it's done, really. The CD bootable systems I used to build chrooted off the RAM disk onto the CD image, so there was no RAM disk to mess with, and there weren't any device nodes except for the bare minimum, since the device nodes needed to mount the CD and hard disk were back in the RAM disk behind the chroot. If you mount the hard disk noexec, and the CD image isn't writeable, it's pretty hard to screw around with the system.

Of course, one can always conjure up a scenario involving an infinitely clever attacker exploiting an infinite number of design flaws, so in theory no firewall will ever be secure.

mjr.
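A post-boot audit for the layout described above (read-only CD image as root, hard disk mounted noexec), added here as an example and not a script from the thread or from either poster. It reads lines in /proc/mounts format (the sample below is constructed, not taken from a real system) and reports any mount that breaks one of the two rules:

```shell
#!/bin/sh
# audit_mounts: given /proc/mounts-format text in $1, print one line per
# violation of the CD-firewall layout: "/" must be read-only (the CD image),
# and every other writable mount must carry noexec (the hard disk).
# Always returns 0 so callers can capture the report; an empty report is a pass.
audit_mounts() {
  printf '%s\n' "$1" | awk '
    NF >= 4 {
      n = split($4, opt, ",")
      ro = 0; noexec = 0
      for (i = 1; i <= n; i++) {
        if (opt[i] == "ro") ro = 1
        if (opt[i] == "noexec") noexec = 1
      }
      if ($2 == "/") {
        if (!ro) print $2 ": root (CD image) is not mounted read-only"
      } else if (!ro && !noexec) {
        print $2 ": writable mount without noexec"
      }
    }'
  return 0
}

# Constructed sample in /proc/mounts layout: device mountpoint fstype options dump pass.
# /data is the deliberate offender (writable, no noexec); /var is mounted correctly.
CONSTRUCTED_MOUNTS='/dev/sr0 / iso9660 ro,relatime 0 0
/dev/hda1 /var ext3 rw,noexec,nosuid,nodev 0 0
/dev/hda2 /data ext3 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0'

# On a live box you would pass "$(cat /proc/mounts)" instead of the sample.
audit_mounts "$CONSTRUCTED_MOUNTS"
```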