On 30 Jun 2002, Mike Noyes wrote:
> On Sun, 2002-06-30 at 05:07, Manfred Schuler wrote:
[...]
> > Also I am a little bit astonished as all people
> > on the list agree that any additional level of
> > protection is an improvement. But in the discussion
> > about software-wp people argument as if it would
> > make things worse.
>
> We've lived with hardware write-protection for a long time, and we know
> it works. There is usually resistance to change, but it's rarely
> insurmountable.
I think the executables-only-on-read-only-mounted devices idea has merit.
I am, however, somewhat bothered about having to reboot into an alternate
excution environment before making configuration changes because of the
usability factor... only a very small minority of people putting together
a new LEAF box could do it without testing on the fly. Write-protect is a
very simple, direct solution to this problem, while your option has
potential to be rather operator-unfriendly.
> > I still think it is an improvement of security to
> > protect the ramdisk and to restrict access to the
> > boot device as far as possible. This increases the
> > required skills of an intruder and also the chances
> > to detect an intruder.
> > If you check the mounting options of the ramdisks
> > every second, an intruder has only one second to
> > compromise the system and to install and run the
> > tools to hide the intrusion.
> >
> > The protection can completely be done in a package.
> > A few changes (make /var a seperate file system,
> > separate mount from busybox) in the base system
> > would make things easier and do no harm to the
> > system. The user can then decide to use the package
> > or not.
> >
> > I'm short of free time at the moment, but maybe in
> > the next weeks I get the occasion to make a
> > beta-version of this package. I will post then the
> > information on the list when it is available.
>
> Please do. It's always worthwhile to look at new ideas. Please post your
> package information on the devel list when it's ready.
I, too, will be interested to see if my concerns are unfounded. :)
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
