From owner-freebsd-security  Sat May 23 11:04:43 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA09059
          for freebsd-security-outgoing; Sat, 23 May 1998 11:04:43 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cyan.healthnet-sl.es (CYAN.HEALTHNET-SL.ES [194.179.35.142])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA08579
          for <freebsd-security@FreeBSD.ORG>; Sat, 23 May 1998 11:03:58 -0700 (PDT)
          (envelope-from webmaster@healthnet-sl.es)
Received: from healthnet-sl.es ([194.224.43.126])
	by cyan.healthnet-sl.es (8.8.5/8.8.5) with ESMTP id UAA04379;
	Sat, 23 May 1998 20:01:56 +0200 (CEST)
Message-ID: <35670F6B.87F2BBDC@healthnet-sl.es>
Date: Sat, 23 May 1998 20:03:23 +0200
From: Carlos <webmaster@healthnet-sl.es>
X-Mailer: Mozilla 4.03 [es] (WinNT; I)
MIME-Version: 1.0
To: Robert Watson <robert+freebsd@cyrus.watson.org>
CC: Pavol Adamec <palo.adamec@tecton.sk>,
        "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: Virus on FreeBSD
References: <Pine.BSF.3.96.980522082752.11128A-100000@fledge.watson.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Robert Watson wrote:
> 
> [...]
>
> To protect the kernel properly, lkms need to be disabled at a sufficiently
> high run-level (possibly always), and appropriate file system stuff
> protected.  Personally, I like the idea of using a CD-ROM for a file
> system, but it's not so very fast.

A related topic: the FreeBSD handbook mentions a booting setup with
read-only media involved:

--- from handbook ---------------------------------------------------
24.1.4. Interesting combinations

Boot a kernel with a MFS in it with a special /sbin/init which... 

[...]

E -- Acts as a firewall/web-server/what do I know...

     This is particularly interesting since you can boot from a write-
protected floppy, but still write to your root filesystem...
--- end ------------------------------------------------------------

How far could one go with a custom CD-ROM used for booting ?  Has anyone
such a setup working ?

Carlos Amengual
Healthnet SL

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message