On 2006/10/29 06:23, Nick Guenther wrote:
> In other words: yes. The operation of mounting requires you to be able
> to write to the filesystem you are mounting on to

I admin a number of boxes that disprove this theory (-:

> (at least, that's how my intuition tells me it should work; otherwise
> an attacker with "mount" might be able to overload the mounted filesystems
> on a read-only filesystem, defeating the purpose of the read-only)
>
> I believe just rerunning mount with different options on the
> already-mounted fs will do it, right?

think about what you're saying here: if it's possible to remount (which
it is), an attacker with mount(8) can defeat RO anyway (and of course
they could mount a new /usr/bin or whatever over the top of the
existing one).

# mount -uw /
# mount -ur /