[2794] in bugtraq


Re: Inherited & RO Filesystems

daemon@ATHENA.MIT.EDU (der Mouse)
Mon Jun 24 13:17:57 1996

Date:         Mon, 24 Jun 1996 08:01:54 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>

>> As an aside, an intruder could use an inherited filesystem (if
>> supported by the OS) to get around not being able to install
>> backdoors and trojans on RO media.

You don't need that; all you need is to drop the stuff somewhere local
and then NFS-mount localhost:/some/where/writable on /where/you/want.
But of course neither one will stay in place upon reboot, and as an
admin, I'd much prefer a system that needed just a reboot to clean it
of intruder damage than one that had to be reinstalled off backups.

With BSD, you have the additional benefit that the mount list is kept
in the kernel, so to hide your mount you have to trojan mount as well
as whatever else - one more thing for the attacker to get wrong....

                                        der Mouse

                            mouse@collatz.mcrcim.mcgill.edu
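
Added example, not part of the original post: a defender-side check that reads the mount table and flags NFS mounts whose server is the machine itself, the localhost:/some/where/writable pattern described above. The "source on mountpoint" line format, the `protected` directory list, the `local_names` parameter and the sample lines are assumptions made for illustration.

```python
import re

# Assumption: each line looks like "<source> on <mountpoint> ...", as mount(8)
# prints it. The table lives in the kernel, so feed this the output of a
# trusted mount binary (for example one kept on read-only media).
MOUNT_RE = re.compile(r"^(?P<src>\S+) on (?P<mnt>\S+)")
# NFS-style source: host:/path or [v6addr]:/path
REMOTE_RE = re.compile(
    r"^(?:\[(?P<v6>[^\]]+)\]|(?P<host>[^:/\[\]]+)):(?P<path>/.*)$")

def is_local_host(host, local_names):
    """True if host names this machine (loopback or one of local_names)."""
    host = host.lower().rstrip(".")
    if host in ("localhost", "::1") or re.fullmatch(r"127(\.\d+){3}", host):
        return True
    return host in {n.lower().rstrip(".") for n in local_names}

def find_loopback_mounts(mount_output, local_names=(),
                         protected=("/bin", "/sbin", "/usr", "/etc", "/lib")):
    """Return (mountpoint, source, reasons) for mounts served by this host."""
    findings = []
    for line in mount_output.splitlines():
        m = MOUNT_RE.match(line.strip())
        if not m:
            continue
        src, mnt = m.group("src"), m.group("mnt")
        r = REMOTE_RE.match(src)
        if not r:
            continue  # local device or pseudo filesystem, not host:/path
        if not is_local_host(r.group("v6") or r.group("host"), local_names):
            continue
        reasons = ["source is exported by this host"]
        if any(mnt == p or mnt.startswith(p + "/") for p in protected):
            reasons.append("covers a system directory")
        findings.append((mnt, src, reasons))
    return findings

# Constructed sample lines, not taken from a real system.
SAMPLE = """\
/dev/sd0a on / (local, read-only)
/dev/sd0g on /usr (local, read-only)
fileserv:/export/home on /home (nfs)
localhost:/var/tmp/stage on /usr/bin (nfs)
mybox.example.org:/tmp/w on /mnt/scratch (nfs)
"""

if __name__ == "__main__":
    for mnt, src, reasons in find_loopback_mounts(SAMPLE, ["mybox.example.org"]):
        print(f"{mnt}: {src} ({'; '.join(reasons)})")
```
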
