Bugtraq mailing list archives
Write-only devices (Was read only devices)
From: pcl () foo oucs ox ac uk (Paul C Leyland)
Date: Fri, 21 Jun 1996 16:40:29 +0100
All the chat about mounting / and /usr read-only, with confusion over whether it was to be done in hardware or software, reminds me of a security device which ought to be well known and widely used but is hardly ever implemented. A write-only logger is incredibly useful when performing forensic work after something has gone badly wrong. At the last two FIRST workshops, the audience was asked who had a hard-copy terminal as a system console. In 1994, three people, including myself, raised their hands. In 1995, only one. Me. It is very difficult (though not impossible in general) to delete printed log entries over the network. Denial of service attacks, of course, are always possible. I do not know of any readily available write-only output device other than printers these days. There were advantages to paper tape and punched cards which we have since lost. It would probably be of general interest to hear of large-capacity unoverwriteable devices. Note that CD-R is *not* acceptable as currently implemented as it is too easy to destructively overwrite what is already there. Clarification for pedants: by write-only, I mean something which is not readable, by the system performing the writing or, indeed, any other connected system without having to physically remove the device and re-connect it to a reading system. Printer paper can be OCR'ed, but unless the output is fed into an OCR system, it is unreadable. Further, it must not be possible for anything to be deleted once written, either by the writing system or by anything connected to it, without having to physically remove, reconfigure and reconnect the write-only medium. Paul
Current thread:
- Re: Sendmail 6.x+ holes?, (continued)
- Re: Sendmail 6.x+ holes? Roland Dobbins (Jun 20)
- Re: Sendmail 6.x+ holes? martinh () mailhost emap co uk (Jun 24)
- Re: Sendmail 6.x+ holes? Henry W. Farkas (Jun 24)
- Router programming,source routes and spoofed ICMP attacks. Alan Brown (Jun 19)
- Re: Router programming,source routes and spoofed ICMP attacks. Brian Mitchell (Jun 20)
- Re: Router programming,source routes and spoofed ICMP attacks. Alan Brown (Jun 22)
- Re: Router programming,source routes and spoofed ICMP attacks. Brian Mitchell (Jun 24)
- Re: Router programming,source routes and spoofed ICMP attacks. Brian Mitchell (Jun 20)
- Re: Router programming,source routes and spoofed ICMP attacks. Cyrus Durgin (Jun 20)
- Re: Router programming,source routes and spoofed ICMP attacks. Yiorgos Adamopoulos (Jun 21)
- Administratrivia Aleph One (Jun 21)
- Write-only devices (Was read only devices) Paul C Leyland (Jun 21)
- Re: Write-only devices (Was read only devices) Piete Brooks (Jun 21)
- Re: Write-only devices (Was read only devices) [via LSMTP - see Paul C Leyland (Jun 24)
- nuke *Hobbit* (Jun 21)
- Re: nuke Rowan Smith (Jun 24)
- Re: nuke Vadim Kolontsov (Jun 24)
- Re: nuke Chris A. Petro (Jun 26)