Date: Thu, 21 Dec 2000 20:21:01 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Dag-Erling Smorgrav <des@ofug.org> Cc: Kris Kennaway <kris@FreeBSD.ORG>, Mikhail Kruk <meshko@cs.brandeis.edu>, "Michael A. Williams" <mike@netxsecure.net>, security@FreeBSD.ORG Subject: Re: Read-Only Filesystems Message-ID: <20001221202101.A32404@citusc.usc.edu> In-Reply-To: <xzp4rzxeh58.fsf@flood.ping.uio.no>; from des@ofug.org on Thu, Dec 21, 2000 at 07:57:55PM %2B0100 References: <20001221064842.B27118@citusc.usc.edu> <Pine.LNX.4.30.0012211139260.27904-100000@daedalus.cs.brandeis.edu> <20001221084452.A28157@citusc.usc.edu> <xzp4rzxeh58.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
--IS0zKkzwUGydFO0o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 21, 2000 at 07:57:55PM +0100, Dag-Erling Smorgrav wrote: > Kris Kennaway <kris@FreeBSD.ORG> writes: > > On Thu, Dec 21, 2000 at 11:39:56AM -0500, Mikhail Kruk wrote: > > > Kris Kennaway <kris@FreeBSD.ORG> writes: > > > > Correct, but if they're not noschg then you can trivially trojan a > > > > kernel module which you know is loaded at boot time. [...] > > > wait, but can't you make kernel modules and startup scripts noschg to= o? > > Go back and read the first paragraph above. It's theoretically > > possible, but the list of things you would have to noschg is huge, > > constantly changing from version to version, and not completely known. >=20 > Umm, people, please, "schg" not "noschg". If you find this confusing, Sorry, I always get those two confused because the abbreviation doesnt mean anything to me - I didnt have a FreeBD box handy to check the manpage on. Kris --IS0zKkzwUGydFO0o Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6QtatWry0BWjoQKURAoarAJwJD8jI4zpHaq1tCKzipqM228tS5ACgsm8m hFWeUsSRSXEuRhyUOpLmpT4= =B22z -----END PGP SIGNATURE----- --IS0zKkzwUGydFO0o-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001221202101.A32404>