Hunting for Rootkits

Posted Mar 3, 2007 9:49 UTC (Sat) by danshearer (guest, #18686)
In reply to: Hunting for Rootkits by drag
Parent article: Hunting for Rootkits

Some reasonable points, but you can reduce exposure a lot by never mounting executables rw except when you are going to update them, which is a lot easier than all this. And with VMs the update is quite possibly external. So the internal system never gets a chance to compromise its binaries. In fact it may not even have permission to do so. You can enforce the same thing on a real machine with various mechanisms such as immutable bits.

RO policies can be circumvented, but they do substantially narrow the possibilities for an attacker.

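One way to audit the read-only policy described in the comment above, as an added example that is not part of the original post: parse a mount table in /proc/mounts format and report every executable location whose backing mount carries the rw option. The mount table and the list of binary paths are constructed here so the script runs offline; on a real host you would feed it `cat /proc/mounts` instead.

```shell
#!/bin/sh
# Added example: find executable directories that sit on rw mounts.
# Constructed mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,relatime 0 0
/dev/sda3 /usr/local ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# Directories that hold executables; each should be on a read-only mount.
# (Assumed list for the example; adjust to the host's layout.)
BIN_PATHS='/usr /usr/local /opt'

# mount_for PATH MOUNTS: print the mount-table line whose mountpoint is the
# longest prefix of PATH, i.e. the mount that actually backs PATH.
mount_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        BEGIN { best = -1 }
        {
            mp = $2; n = length(mp)
            if (p == mp || mp == "/" || substr(p, 1, n + 1) == mp "/") {
                if (n > best) { best = n; line = $0 }
            }
        }
        END { print line }'
}

# rw_bin_mounts MOUNTS: one line per BIN_PATHS entry backed by an rw mount,
# in the form "<path> rw (mounted at <mountpoint>)".
rw_bin_mounts() {
    for p in $BIN_PATHS; do
        line=$(mount_for "$p" "$1")
        mp=$(printf '%s\n' "$line" | awk '{ print $2 }')
        opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
        case ",$opts," in
            *,rw,*) printf '%s rw (mounted at %s)\n' "$p" "$mp" ;;
        esac
    done
}

rw_bin_mounts "$SAMPLE_MOUNTS"
```

With the sample table this flags /usr/local (its own rw mount) and /opt (falls back to the rw root filesystem) while /usr, mounted ro, passes.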

Mounting r/o + root permissions

Posted Mar 8, 2007 23:57 UTC (Thu) by blujay (guest, #39961)

If modifying an executable requires root permissions, and an attacker was able to do so, wouldn't he also be able to remount a partition r/w?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds