On Fri, 2002-02-08 at 13:12, Radu Filip wrote:
>
> http://www.samag.com/documents/s=1824/sam0201d/0201d.htm
>
> "This feature allowed you to run shutdown -h (halt) on the machine, and
> the firewall would remain active but with no drives mounted and no
> processes running. That is, the firewall would be in run level 0, but
> still be filtering packets."
I read that article too, and I wondered what the _practical_ difference
is (from the attacker's point of view) between a tool like that and a FW
that boots from CD and runs in a "normal" runlevel but doesn't run any
daemon or service (apart from ipchains/iptables of course, which is not
a daemon and doesn't much resemble a service either :-D).
In fact, the runlevel is a pure convention (it depends on how you set up
your inittab), and if the storage medium is read-only (let's say you
still keep the configuration on a floppy, which you make read-write only
when you write it, and read-only the rest of the time)... Not running
any services, you can't get a shell, and stupid attacks like "overwrite
/etc/passwd" don't work because it's read-only.
I just want to say that the article's conclusion ("I, the author, have
made a discovery") seems exaggerated to me. It's no discovery, it's just
another way of implementing some old techniques.
--
Florin Andrei
"Do not try to bend the spoon. Only try to realize the truth."
"What truth?"
"That there is no spoon."