Bugtraq mailing list archives
Re: BoS: amodload.tar.gz - dynamic SunOS modules
From: blymn () awadi com au (Brett Lymn)
Date: Fri, 21 Jun 1996 20:10:54 +0930
According to Piete Brooks:
Hmm -- as I remember it from times of stress mending broken systems (so the old grey cells may not be all that reliable!), if / was r/o, mounts FAILED, unless the "-n" flag was set: -n Mount the file system without making an entry in /etc/mtab.
Ahhh your brain cells are better than mine. I remember that now! Still, if you don't have a reasonable mnttab there to start off with then you get some weirdness with tools that use it to report things to do with disks...
[[ PS: Sean said "Why? If an attacker can alter your system binaries, s/he must have root privileges. Which means s/he can also unmount the filesystems and remount them read-write."
Uhhh relying on the ro mount option is a Bad Thing (TM) IMHO. When people started talking write protected file systems I immediately thought you meant _hardware_ write protect. There are some SCSI hard disks that have a link that will write protect the disk in hardware so even if someone gets root on that box they cannot remount the partitions r/w even if the "-o remount" worked and normally it does. Another side effect of the write protection is that telnet and rlogin will no longer work because the will not be able to allocate a pty to talk on which is a plus on a firewall - cuts out a couple of potential problems right away. All this said and done, the upshot is that even if someone gets root on the machine - where do they go? You would be stupid to trust this machine to any other machine on your network so they cannot directly log in anywhere else. They cannot install a trojan because all the binaries are hardware write protected. It does make life a bit difficult ;-) -- Brett Lymn, Computer Systems Administrator, AWA Defence Industries =============================================================================== "Upgrading your memory gives you MORE RAM!" - ad in MacWAREHOUSE catalogue.
Current thread:
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Christopher Klaus (Jun 20)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Dana Bourgeois (Jun 20)
- <Possible follow-ups>
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Dan Stromberg (Jun 20)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules der Mouse (Jun 20)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Markus Zellner (Jun 20)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Brian Denehy (Jun 20)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Brett Lymn (Jun 20)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Piete Brooks (Jun 20)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Brett Lymn (Jun 21)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Markus Zellner (Jun 20)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Dave Matthews (Jun 20)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Dan Stromberg (Jun 21)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules Dan Stromberg (Jun 21)
- Re: BoS: amodload.tar.gz - dynamic SunOS modules J.R.Valverde (Jun 24)