Re: [leaf-devel] Almost Write Protected Hard Disk
Hi At 18:38 22.03.2004 +, The Meddler wrote: Erich Titl wrote: You might even make insmod only available at boot time. Then getting access to your harware becomes quite a challenge. Hmm... that's food for thought. It would be easier to configure as well. I could use an admin floppy to load insmod and disk support when I want to reconfigure. Thanks. I dont suppose there are any howtos for removing hd support after boot time are there? Due to popular demand ;-) http://www.think.ch/leaf/wrap/packages/rmide.lrp let me know if it works for you cheers Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70alloc_id638op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Almost Write Protected Hard Disk
Erich Titl wrote: Personally I doubt it. Reading and building an ISO filesystem is rather trivial and should your LEAF box ever be compromised replacing the ISO file is easy. I would rather just remove the modules for IDE support from memory at the end if the init process. Then you need to either plug those in again (loading them across the link) or reboot to access the hard disk at all. You could even boot off the harddisk that way, forgetting the floppy alltogether. If the system were compromised then adding the disk support would be as easy as replacing the iso image. Using the iso image and comparing the md5 checksum at boot time would at least ensure that if the image was tampered with, the system would refuse to boot. IIRC Oxygen allows for md5 checksums in the packages, but presumably if these are on a writeable disk they would offer no advantage and Im not too sure how the mechanism is supposed to work. -- Paulo Rodrigues --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Almost Write Protected Hard Disk
Hi At 16:35 22.03.2004 +, you wrote: Erich Titl wrote: Personally I doubt it. Reading and building an ISO filesystem is rather trivial and should your LEAF box ever be compromised replacing the ISO file is easy. I would rather just remove the modules for IDE support from memory at the end if the init process. Then you need to either plug those in again (loading them across the link) or reboot to access the hard disk at all. You could even boot off the harddisk that way, forgetting the floppy alltogether. If the system were compromised then adding the disk support would be as easy as replacing the iso image. True if you know which modules to load, your disk on the other hand will respond immediately. This can be avouded. You might even make insmod only available at boot time. Then getting access to your harware becomes quite a challenge. Using the iso image and comparing the md5 checksum at boot time would at least ensure that if the image was tampered with, the system would refuse to boot. True, but it would also unveil your protection method. cheers Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70alloc_id638op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Almost Write Protected Hard Disk
Erich Titl wrote: You might even make insmod only available at boot time. Then getting access to your harware becomes quite a challenge. Hmm... that's food for thought. It would be easier to configure as well. I could use an admin floppy to load insmod and disk support when I want to reconfigure. Thanks. I dont suppose there are any howtos for removing hd support after boot time are there? --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Almost Write Protected Hard Disk
Hi At 19:38 22.03.2004, you wrote: Erich Titl wrote: You might even make insmod only available at boot time. Then getting access to your harware becomes quite a challenge. Hmm... that's food for thought. It would be easier to configure as well. I could use an admin floppy to load insmod and disk support when I want to reconfigure. Thanks. I dont suppose there are any howtos for removing hd support after boot time are there? Not really, but it's not that hard either... Once all modules are loaded (at the end of the init chain) you could easily add an init script which deletes or overwrites the ide-xxx.o, insmod and probably boot/modules, etc/modules you name it. Then it is pretty difficult to access anything without network access to upload the necessary software or as you suggest a specific admin floppy. cheers Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70alloc_id638op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Almost Write Protected Hard Disk
Hi At 12:10 21.03.2004 +, The Meddler wrote: I have an old laptop which has a floppy and two pcmcia slots that I wanted to use for LRP. It doesn't like 168k disks very much and I liked the speed of booting off a hard disk, but I was not so keen on the fact that the HD is writable. I came up with an idea, that might make booting off a hard disk slightly more secure and have got a proof of concept working. The basic concept was to create an iso image with the lrp packages and put that on the hard disk. Then with a little hacking of linuxrc, I persuaded it to mount the iso image using loop and then load the additional packages from the iso image. It does make it a lot harder for someone breaking in to change the configuration fo the router. They would need to create their own iso image and replace the one in the router with it. It wouldnt be a good idea to install samba.lrp on such a system. Though it would be possible to get linuxrc to check the md5 checksum of the image before loading, (assumimg you were loading initrd from a write protected floppy) Ive managed to get it working, loading initrd from the floppy and the rest of the modules from the image file. Do you think its worth continuing along these lines? Personally I doubt it. Reading and building an ISO filesystem is rather trivial and should your LEAF box ever be compromised replacing the ISO file is easy. I would rather just remove the modules for IDE support from memory at the end if the init process. Then you need to either plug those in again (loading them across the link) or reboot to access the hard disk at all. You could even boot off the harddisk that way, forgetting the floppy alltogether. my 0.02 Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70alloc_id638op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel