[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ifupdown writes to /etc... a bug?

Glenn McGrath <bug1@optushome.com.au> writes:

> On Sat, 22 Mar 2003 13:20:39 -0000
> "Matt Ryan" <mryan@debian.org> wrote:
> > Explain to me how the ro root makes a difference? There is a lot of
> > talk about how difficult it is to install a rootkit when the root fs
> > is ro, but if you already have superuser privileges why can't you just
> > remount root rw and then drop the rootkit in?

Dead simple. try to install a rootkit on a CD or a harddisk with the
RO jumper set.

You can't write to a read only medium and hacking a drives bios to
circumvent the RO jumper is hopefully impossible.

> > If you don't have superuser privilege to do
> > this then you can write to root owned directories (with the correct
> > permissions) anyway?

> You mean you can write to /tmp, how does that help ?

Esspecially with /tmp and /var being noexec and a fixed kernel /


Reply to: