Re: Secure 2.4.x kernel - readonly

To: Alvin Oga <aoga@Maggie.Linux-Consulting.com>
Cc: Gary MacDougall <gary@freeportweb.com>, Matthew Sackman <matthew@sackman.co.uk>, debian-security@lists.debian.org
Subject: Re: Secure 2.4.x kernel - readonly
From: Anthony DeRobertis <asd@suespammers.org>
Date: Wed, 26 Dec 2001 14:52:29 -0500
Message-id: <[🔎] 183F7F4E-FA3A-11D5-A58F-00039355CFA6@suespammers.org>
In-reply-to: <[🔎] Pine.LNX.3.96.1011225172232.3182A-100000@Maggie.Linux-Consulting.com>


On Tuesday, December 25, 2001, at 08:34 , Alvin Oga wrote:



On Mon, 24 Dec 2001, Anthony DeRobertis wrote:

making the disks readonly is not trivial ...
lots of work  to make it readonly.. a fun project ...


Not really. Nothing should write anywhere except /var and /tmp
(did I miss any). Also, if you have users, then /home.


/etc is written into by the kernel ( for mounts/unmounts )

No, the mount ant unmount commands update /etc/mtab. If theycan't, not much breakage results.


/proc if you use it is writable


Yes, to change kernel parameters. But you can't sore binaries there.


vi /etc/foo.conf  will sometimes create /etc/foo.conf.swp


Not if /etc is read-only.

By using ramdisks, you can easily make the entire file-system
read-only; you need only hit reset restore.


yes... but if an instruder got in ... you'd have to patch the hole
they used and rebuild a new ramdisk images

Yes, you need a new boot disk. What I was thinking of was a bootCD which creates empty ramdisks for /var/run, /tmp/, etc.Security problem? Burn a new CD, pop it in the drive, hit reset.

Reply to:

References:
- Re: Secure 2.4.x kernel - readonly
  - From: Alvin Oga <aoga@Maggie.Linux-Consulting.com>

Prev by Date: Re: Secure 2.4.x kernel
Next by Date: Campus Computers
Previous by thread: Re: Secure 2.4.x kernel - readonly
Next by thread: Re: Secure 2.4.x kernel - readonly
Index(es):
- Date
- Thread