Bugtraq mailing list archives
Re: Read only devices (Re: BoS: amodload.tar.gz - ...)
From: patrick () chloe dmv com (Patrick Ferguson)
Date: Thu, 20 Jun 1996 19:50:09 -0400
Instead of the hassle of dealing with that, properly configure your filesystems. Since you can mount a filesystem at any point in the tree, why not just spend some extra time and diagram out which directories will be write accessed the least and mount them read-only. Even superuser privs can't violate ro mounting. For example: since /bin and /usr/bin are traditionally manufacturer binaries, you would only need to write to them when you upgrade the version of the OS you're running. This allows greater control over the disk than by using it in r/o mode. Of course, if you upgrade your system constantly or use if for alot of system developement, this won't work as well. ------------------------------------------------------------------------------ Patrick Ferguson - Systems Administrator patrick () dmv com DelMarVa OnLine! - Salisbury, MD patrick () satyricon com -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQBNAzGBrOQAAAECALpR8GMUAXnKbr9LeXVv18Q8y/n1NM1+YS8ffP/5HvM0gyso F1T9+gcGvb3L2nFwj+wnig0UQY93vXqhXPoFN4UABRG0IlBhdHJpY2sgRmVyZ3Vz b24gPHBhdHJpY2tAZG12LmNvbT4= =AgnQ -----END PGP PUBLIC KEY BLOCK----- On Thu, 20 Jun 1996, William McVey wrote:
Dana Bourgeois wrote:With writeable CDROM drives around $700, has anybody considered setting up their system from the Solaris CD, adding whatever software they need/want to the machine and then backing the disk to WCDROM? It would seem that if data files are backed up at regular intervals to the standard backup system, the pure system could be quickly recreated any time there was a question about break-ins. Maybe even on a regular basis.It seems to me that this is the same as performing backups of your system onto tape. You still have the problem of needing to know when you've compromised and needing to know what backup tapes (or CDs) are tainted with hostile bits. What would be really neat (albeit slow if you didn't have enough memory to keep common executables in core) would be running your operating system entirely off of cdrom (with perhaps things like /tmp, home directories and /var on disk). Then trojaning a system executable becomes very difficult indeed. Of course you really don't get much of an advantage from using a cdrom as opposed to using a disk with hardware write protection engaged. -- William
Current thread:
- Read only devices (Re: BoS: amodload.tar.gz - ...) William McVey (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Patrick Ferguson (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Sean Vickery (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Matt Zimmerman (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Sean Vickery (Jun 20)
- <Possible follow-ups>
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Scott J. Kramer (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Brian Tao (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Don Lewis (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Matt Zimmerman (Jun 21)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Christopher Samuel (Jun 21)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Chris A. Petro (Jun 22)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) R.Arnold / Arny (Jun 24)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Patrick Ferguson (Jun 20)