Re: read-only file systems
From: Vladimir Ivanov (VIvanov@tee.toshiba.de)Date: 09/11/01
- Previous message: Silvex Security Team: "Re: read-only file systems"
- In reply to: Kurt Seifried: "Re: read-only file systems"
- Next in thread: James Puckett: "Re: read-only file systems"
- Next in thread: Heather Flanagan: "RE: read-only file systems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B9DC8A4.80AE73AF@tee.toshiba.de> Date: Tue, 11 Sep 2001 10:17:40 +0200 From: Vladimir Ivanov <VIvanov@tee.toshiba.de> To: focus-sun@securityfocus.com Subject: Re: read-only file systems
> > I know /usr can be comfortably turned in to a read-only file system
> for
> > particularly hardened systems - or at least I can't think of any
> reason
> why
> > not. Can the same be done with / on Solaris 8?
>
> Sure. unless you need to change passwords. or have log files locally.
> or
> create tmp files or lock files. or maybe write to /etc/mtab (or
> whatever it
> is in solaris). I would reccomend something like argus pitbull rather
> then
> going through the insane hassle of trying to make / read only. plus
> once the
> attacker has root they can remount it.
I'm afraid you are mistaken.
How can you mount / RO, if you have no
/dev and /devices as separate partition? This is not Linux where you
can have devfs.
Am I wrong?
-- Vladimir Ivanov System Administrator E-Mail: VIvanov@tee.toshiba.de Toshiba Electronics Europe GmbH Tel/Fax: +49-211-5296-297/386
- Previous message: Silvex Security Team: "Re: read-only file systems"
- In reply to: Kurt Seifried: "Re: read-only file systems"
- Next in thread: James Puckett: "Re: read-only file systems"
- Next in thread: Heather Flanagan: "RE: read-only file systems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
