[2808] in bugtraq
Re: Inherited & RO Filesystems
daemon@ATHENA.MIT.EDU (Brett Lymn)
Tue Jun 25 02:02:39 1996
Date: Tue, 25 Jun 1996 13:25:22 +0930
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Brett Lymn <blymn@awadi.com.au>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199606241201.IAA06698@Collatz.McRCIM.McGill.EDU> from "der
Mouse" at Jun 24, 96 08:01:54 am
According to der Mouse:
>
>You don't need that; all you need is to drop the stuff somewhere local
>and then NFS-mount localhost:/some/where/writable on /where/you/want.
Hmmmm you mean you are willing to keep the NFS stuff in the kernel on
a firewall machine? Personally, I trashed that along with every other
option in the kernel - only putting back the ones that made the sucker
work. If the kernel won't support NFS they won't be able to implement
the trick. I suppose they could to the same with a local file system
but that would be a bit trickier to do without being noticed ;-)
>But of course neither one will stay in place upon reboot, and as an
>admin, I'd much prefer a system that needed just a reboot to clean it
>of intruder damage than one that had to be reinstalled off backups.
>
Amen, brother.
>With BSD, you have the additional benefit that the mount list is kept
>in the kernel, so to hide your mount you have to trojan mount as well
>as whatever else - one more thing for the attacker to get wrong....
>
IMHO the harder you make the cracking activity, the more likely it is
they will make a mistake. Besides it certainly will weed out the
script jockeys that fancy themselves as crackers....
--
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
===============================================================================
"Upgrading your memory gives you MORE RAM!" - ad in MacWAREHOUSE catalogue.
