Rootkit
Bill Davidsen
davidsen at tmr.com
Tue Oct 30 22:37:02 UTC 2007
Mike McCarty wrote:
> John Wendel wrote:
>>
>> While reading this thread it occurred to me that if disk drives had a
>> read-only switch, then systems would be uncrackable. Automated updates
>> would be impossible, but I could live with a complicated update
>> process if it would guarantee that my programs couldn't be compromised.
>>
>> Can someone tell me why this isn't a good idea? There must be a fatal
>> flaw that I don't see, or else someone would be selling drives like this.
>
> There are several possible interactions. These occur to me immediately.
>
> First, if this were done on a disc which contained the syslogs,
> then no syslogs could be made.
>
You can syslog over the network to a remote machine which accepts only
syslog packets. Onbce upon a time decades ago the solution was to log to
a hardcopy terminal.
> Second, if this were done where mount info and so forth get stored,
> then the system couldn't boot.
>
To some extent true, but look at the union filesystem stuff, I think you
could handle this and also see exactly which files were changed.
> Third, if this were done to a "data file only" disc, then access time
> information could not be stored.
>
That's not necessarily a bad thing. Mounting noatime or relatime is a
performance trick.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the fedora-list
mailing list