Date: 21 Dec 2000 19:57:55 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: Kris Kennaway <kris@FreeBSD.ORG> Cc: Mikhail Kruk <meshko@cs.brandeis.edu>, "Michael A. Williams" <mike@netxsecure.net>, security@FreeBSD.ORG Subject: Re: Read-Only Filesystems Message-ID: <xzp4rzxeh58.fsf@flood.ping.uio.no> In-Reply-To: Kris Kennaway's message of "Thu, 21 Dec 2000 08:44:52 -0800" References: <20001221064842.B27118@citusc.usc.edu> <Pine.LNX.4.30.0012211139260.27904-100000@daedalus.cs.brandeis.edu> <20001221084452.A28157@citusc.usc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway <kris@FreeBSD.ORG> writes: > On Thu, Dec 21, 2000 at 11:39:56AM -0500, Mikhail Kruk wrote: > > Kris Kennaway <kris@FreeBSD.ORG> writes: > > > Correct, but if they're not noschg then you can trivially trojan a > > > kernel module which you know is loaded at boot time. [...] > > wait, but can't you make kernel modules and startup scripts noschg too? > Go back and read the first paragraph above. It's theoretically > possible, but the list of things you would have to noschg is huge, > constantly changing from version to version, and not completely known. Umm, people, please, "schg" not "noschg". If you find this confusing, use "simmutable" instead. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp4rzxeh58.fsf>