Bugtraq mailing list archives

Re: Inherited & RO Filesystems


From: blymn () awadi com au (Brett Lymn)
Date: Tue, 25 Jun 1996 13:25:22 +0930


According to der Mouse:

You don't need that; all you need is to drop the stuff somewhere local
and then NFS-mount localhost:/some/where/writable on /where/you/want.

Hmmmm you mean you are willing to keep the NFS stuff in the kernel on
a firewall machine?  Personally, I trashed that along with every other
option in the kernel - only putting back the ones that made the sucker
work.  If the kernel won't support NFS they won't be able to implement
the trick.  I suppose they could do the same with a local file system
but that would be a bit trickier to do without being noticed ;-)

But of course neither one will stay in place upon reboot, and as an
admin, I'd much prefer a system that needed just a reboot to clean it
of intruder damage than one that had to be reinstalled off backups.


Amen, brother.

With BSD, you have the additional benefit that the mount list is kept
in the kernel, so to hide your mount you have to trojan mount as well
as whatever else - one more thing for the attacker to get wrong....


IMHO the harder you make the cracking activity, the more likely it is
they will make a mistake.  Besides it certainly will weed out the
script jockeys that fancy themselves as crackers....

--
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
===============================================================================
  "Upgrading your memory gives you MORE RAM!" - ad in MacWAREHOUSE catalogue.
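
An added example, not part of the original post: a defender-side check that parses mount-table text and reports NFS mounts served by the machine itself, noting whether each one sits on top of a read-only filesystem. The sample table, the function names, and the assumption that entries appear in mount order are all constructed for illustration.

```python
import re

# Accepts BSD-style "src on /mnt (nfs, opts)" and Linux-style "src on /mnt type nfs (opts)".
MOUNT_RE = re.compile(
    r"^(?P<src>\S+) on (?P<target>\S+) (?:type (?P<ltype>\S+) )?\((?P<opts>[^)]*)\)")
LOOPBACK_RE = re.compile(r"localhost(\.localdomain)?|127(\.\d{1,3}){3}|\[?::1\]?", re.I)

# Constructed sample mount table (not from the original post).
SAMPLE = """\
/dev/sd0a on / (ufs, local, read-only)
/dev/sd0e on /var (ufs, local)
localhost:/var/tmp/x on /usr/local/bin (nfs)
fileserver:/export/home on /home (nfs)
127.0.0.1:/tmp/w on /var/run type nfs (rw,soft)
"""

def parse_mounts(text):
    """Return mount entries in table order as dicts."""
    entries = []
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if not m:
            continue
        opts = [o.strip() for o in m["opts"].split(",") if o.strip()]
        # BSD puts the filesystem type first inside the parentheses.
        fstype = m["ltype"] or (opts[0] if opts else "")
        entries.append({"src": m["src"], "target": m["target"],
                        "fstype": fstype, "opts": opts})
    return entries

def is_under(path, mount_point):
    return mount_point == "/" or path == mount_point or \
        path.startswith(mount_point.rstrip("/") + "/")

def loopback_nfs_findings(text):
    """List (target, source, covers_read_only) for NFS mounts served by this host."""
    entries, findings = parse_mounts(text), []
    for i, e in enumerate(entries):
        host, sep, _ = e["src"].rpartition(":/")
        if not (e["fstype"].startswith("nfs") and sep and LOOPBACK_RE.fullmatch(host)):
            continue
        # Assumption: table order is mount order, so the mount below is an earlier entry.
        below = max((p for p in entries[:i] if is_under(e["target"], p["target"])),
                    key=lambda p: len(p["target"]), default=None)
        ro = below is not None and bool({"ro", "read-only"} & set(below["opts"]))
        findings.append((e["target"], e["src"], ro))
    return findings

if __name__ == "__main__":
    for target, src, ro in loopback_nfs_findings(SAMPLE):
        print(f"{target} <- {src} covers_read_only={ro}")
```

The result is only as trustworthy as the mount listing fed to it, so take the table from a known-good `mount` binary rather than one on the suspect system.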
