[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Inherited & RO Filesystems
From:       Brett Lymn <blymn () awadi ! com ! au>
Date:       1996-06-25 13:25:22
[Download RAW message or body]

According to der Mouse:
>
>You don't need that; all you need is to drop the stuff somewhere local
>and then NFS-mount localhost:/some/where/writable on /where/you/want.

Hmmmm you mean you are willing to keep the NFS stuff in the kernel on
a firewall machine?  Personally, I trashed that along with every other
option in the kernel - only putting back the ones that made the sucker
work.  If the kernel won't support NFS they won't be able to implement
the trick.  I suppose they could to the same with a local file system
but that would be a bit trickier to do without being noticed ;-)

>But of course neither one will stay in place upon reboot, and as an
>admin, I'd much prefer a system that needed just a reboot to clean it
>of intruder damage than one that had to be reinstalled off backups.
>

Amen, brother.

>With BSD, you have the additional benefit that the mount list is kept
>in the kernel, so to hide your mount you have to trojan mount as well
>as whatever else - one more thing for the attacker to get wrong....
>

IMHO the harder you make the cracking activity, the more likely it is
they will make a mistake.  Besides it certainly will weed out the
script jockeys that fancy themselves as crackers....

--
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
 ==============================================================================
  "Upgrading your memory gives you MORE RAM!" - ad in MacWAREHOUSE catalogue.

[prev in list] [next in list] [prev in thread] [next in thread]