[2766] in bugtraq
Re: BoS: amodload.tar.gz - dynamic SunOS modules
daemon@ATHENA.MIT.EDU (Piete Brooks)
Fri Jun 21 03:15:59 1996
Date: Fri, 21 Jun 1996 06:37:25 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Piete Brooks <Piete.Brooks@cl.cam.ac.uk>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: Your message of Fri, 21 Jun 1996 12:06:57 +0930.
<199606210236.MAA19561@mallee.awadi>
> StunOS mount only wants to write to /etc to update the mnttab file.
> If you mount all the disks that you have when the partition is
> writable, halt the system and then write protect the disk mount will
> whine about not being able to update things but will still do the mount.
Hmm -- as I remember it from times of stress mending broken systems (so the
old grey cells may not be all that reliable!), if / was r/o, mounts FAILED,
unless the "-n" flag was set:
-n Mount the file system without making an entry in /etc/mtab.
[[ PS: Sean said "Why? If an attacker can alter your system binaries, s/he must
have root privileges. Which means s/he can also unmount the
filesystems and remount them read-write."
It's not quite that simple, as at least some of the F/Ss *can't* be
unmounted over the net, as they will be in use.
However, now that many O/Ses start off with / and /usr mounted ro until
they have been fscked, they tend to have a "-u", or "-o remount" to do
it without the (impossible) umount ...
]]
