Date: Thu, 20 Jun 2002 16:17:04 -0700
From: Lawrence Sica <lomifeh@earthlink.net>
To: Klaus Steden <klaus@compt.com>
Cc: Maxlor <mail@maxlor.com>, "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: preventing tampering with tripwire
Message-ID: <3D126270.5050604@earthlink.net>
References: <27700541.1024450071@[10.0.0.16]> <2799555.1024487443@[10.0.0.16]> <20020620011704.G589@cthulu.compt.com>

Klaus Steden wrote:

>>Putting the tripwire binary on an external, read only drive doesn't help.
>>As I mentioned, an attacker who gained root could simply unmount the disk
>>and place a tampered copy into the mountpoint dir. I would only notice this
>>if I happened to have a closer look at df *and* the attacker was nice
>>enough not to modify df too.
>>

http://www.phrack.org/show.php?p=51&a=9

The above url is a decent article about ways to bypass systems. Sure it's
from 1997, but it still has good insights and information.

--Larry