Re: /boot partition changes when it should not
Bob McGowan wrote:
> It is almost certainly the mount count.
I just manually unmounted and mounted the device a few times, with the
arguments I have in fstab ("ro", "noatime"). In other words, I did
umount /boot; mount /boot; dd_rescue /dev/sda1 /tmp/boot1;
umount /boot; mount /boot; dd_rescue /dev/sda1 /tmp/boot2;
diff /tmp/boot1 /tmp/boot2
Result: No change. Hence it does not increment a mount count as long as
it is manually unmounted and remounted while the system is up.
What do I have to change in the boot process so that the mount count
does not get updated? How do I get the boot process to honor the fstab
options?
> It is worth noting that the read-only mount prevents writes via "normal"
> filesystem functions, only.
>
> You could still have a write done directly to the device, using the
> reverse of what the OP did to get the checksum, and completely destroy
> the disk content.
>
> Or, more to the point, use a "disk editor" and twiddle a bit here and
> there.
Malicious modification of files with a disk editor is exactly the undesired
stuff that this whole checksumming is supposed to detect.
> To get an absolute, no write, ever, to the device, the OP will need to
> figure out how to force read only permissions on the device /dev/sda1,
> across boots.
Fantastic idea! Can it be done? I have not heard about this yet. It
would be great.
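The mount-count explanation discussed in this message can be tested by comparing two partition images while ignoring only the superblock bookkeeping fields. The sketch below is an added example, not code from the thread. It assumes /boot is ext2/ext3 (the thread does not name the filesystem), and the function names and sample images are constructed for illustration.

```python
import hashlib
import struct

SB_OFFSET = 1024    # primary ext2/3/4 superblock starts 1024 bytes into the partition
EXT_MAGIC = 0xEF53  # s_magic, little-endian u16 at superblock offset 56
# Superblock fields that mount/fsck bookkeeping rewrites: (name, offset, struct format)
VOLATILE = [("s_mtime", 44, "<I"), ("s_wtime", 48, "<I"),
            ("s_mnt_count", 52, "<H"), ("s_lastcheck", 64, "<I")]

def read_fields(img):
    """Return the volatile superblock fields of a partition image (bytes)."""
    if len(img) < SB_OFFSET + 1024:
        raise ValueError("image too short to hold a superblock")
    if struct.unpack_from("<H", img, SB_OFFSET + 56)[0] != EXT_MAGIC:
        raise ValueError("ext magic 0xEF53 not found")
    return {n: struct.unpack_from(f, img, SB_OFFSET + o)[0] for n, o, f in VOLATILE}

def masked_digest(img):
    """SHA-256 of the image with the volatile fields zeroed out."""
    buf = bytearray(img)
    for _, off, fmt in VOLATILE:
        size = struct.calcsize(fmt)
        buf[SB_OFFSET + off:SB_OFFSET + off + size] = bytes(size)
    return hashlib.sha256(buf).hexdigest()

def compare(img_a, img_b):
    """Return (changed bookkeeping fields, True if anything else differs)."""
    fa, fb = read_fields(img_a), read_fields(img_b)
    changed = {n: (fa[n], fb[n]) for n in fa if fa[n] != fb[n]}
    return changed, masked_digest(img_a) != masked_digest(img_b)

def make_sample(mnt_count, mtime, payload=b"vmlinuz-placeholder"):
    """Constructed 4 KiB stand-in for a /boot image; not a mountable filesystem."""
    buf = bytearray(4096)
    struct.pack_into("<H", buf, SB_OFFSET + 56, EXT_MAGIC)
    struct.pack_into("<I", buf, SB_OFFSET + 44, mtime)
    struct.pack_into("<H", buf, SB_OFFSET + 52, mnt_count)
    buf[2048:2048 + len(payload)] = payload
    return bytes(buf)

if __name__ == "__main__":
    before = make_sample(5, 1268000000)
    after_boot = make_sample(6, 1268090000)
    print(compare(before, after_boot))
    print(compare(before, make_sample(6, 1268090000, b"vmlinuz-modified!!!")))
```

On real images, read each dd_rescue output file into bytes and pass both to `compare`. On ext4 with metadata checksums the superblock checksum field also changes with these fields, so such images report a difference outside the masked fields.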