[2758] in bugtraq
Re: BoS: amodload.tar.gz - dynamic SunOS modules
daemon@ATHENA.MIT.EDU (Markus Zellner (870765))
Thu Jun 20 23:23:22 1996
Date: Fri, 21 Jun 1996 12:32:46 +1000
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: "Markus Zellner (870765)" <Markus.Zellner@anu.edu.au>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199606202347.TAA09608@Collatz.McRCIM.McGill.EDU> from der Mouse
at "Jun 20, 96 07:47:31 pm"
der Mouse writes:
>> With writeable CDROM drives around $700, has anybody considered
>> setting up their system [...] and then backing the disk to WCDROM?
>As someone else pointed out, all that does is speed up recovery; it
>doesn't harden the system against attacks any.
>
>What _will_ help is to make your boot disk physically read-only. I
>have tried this with SunOS 4.1.x and NetBSD (with NFS-mounted root, not
>a real disk that's write protected, but the issues are the same). The
>latter is relatively easy; the former is much harder but I think would
>be doable with a couple of binary patches to programs like mount that
>pigheadedly insist on writing into /etc.
I have wondered about how to set up a system with a read only / and /usr
partition, but as you say things like mount wanting to write into /etc
really spoil the idea. Does anyone have a list of issues that stop /
and /usr being mounted read only (either logically or physically, or on
read only media) on a machine running, say, Solaris? I'll start off the
list with the following.
Program/system    writes to
mountd            /etc/mnttab
automountd        /etc/mnttab
passwd            /etc/passwd /etc/shadow
syslogd           /etc/syslog.pid
crond             /etc/cron.d/FIFO
opie              /etc/opiekeys

Does anything break if you mount /dev and /devices read only?
--
Markus Zellner | IT Security Support Officer | Markus.Zellner@anu.edu.au
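
One way to build the kind of list asked for above, as an added example that is not part of the original message: walk a filesystem without crossing mount points and report every non-directory entry modified after a reference time such as boot. The function names, the sample tree and the reference times are assumptions made for illustration; only modification time is checked.

```python
import os
import stat
import tempfile
import time


def _dev(path):
    try:
        return os.lstat(path).st_dev
    except OSError:
        return None


def written_since(root, since):
    """List (relative path, kind) for entries under root modified after `since`.

    Stays on root's filesystem (like find -xdev) and skips unreadable entries.
    """
    root_dev = os.lstat(root).st_dev
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda err: None):
        # Prune directories that sit on another filesystem (mount points).
        dirnames[:] = [d for d in dirnames if _dev(os.path.join(dirpath, d)) == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if st.st_mtime > since:
                kind = ("fifo" if stat.S_ISFIFO(st.st_mode)
                        else "file" if stat.S_ISREG(st.st_mode) else "other")
                hits.append((os.path.relpath(path, root), kind))
    return sorted(hits)


def build_sample(root, boot):
    """Constructed tree: two files written after `boot`, two untouched since install."""
    layout = {"etc/mnttab": boot + 60, "etc/syslog.pid": boot + 5,
              "etc/passwd": boot - 86400, "usr/bin/ls": boot - 86400}
    for rel, mtime in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (mtime, mtime))


def sample_report(boot):
    """Run the audit over the constructed tree and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, boot)
        return written_since(tmp, boot)


if __name__ == "__main__":
    for rel, kind in sample_report(time.time() - 3600):  # assumed boot: an hour ago
        print(kind, rel)
```

On a real host, call `written_since("/", boot_time)` and `written_since("/usr", boot_time)` after the machine has run a normal workload; each path reported is something to relocate to a writable filesystem before the mount can go read only.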