Re: read only root file system




On Sun, May 25, 2008 at 7:47 PM, Karanbir Singh <mail-lists@xxxxxxxxx> wrote:
> Linux wrote:
>> A cd-rom can provide security as a readonly mount, but readonly
>> mounted ordinary filesystem/disk means almost nothing. Don't you read
>> comments like "administrator remounts read-write"? Why?
>
> If your blockdev is exposed to the OS as 'ro', your administrator can go
> jump off a cliff if he wants, he's not getting +w on there.

Hmmm... interesting.

Is there a way to force the OS to see a SCSI disk or partition as a
"ro" blockdev like this? Nobody who doesn't have physical access
can write to the root filesystem. And yet you might be able to
reboot the machine (in "rw" mode, maybe another entry in grub menu?),
do your updates, and reboot the machine again turning it read-only. It
would be very useful indeed from the security point of view.

Thanks,
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
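
The distinction drawn in this thread, between a filesystem that is merely mounted read-only and a block device the kernel itself treats as read-only, can be audited as below. This is an added example, not part of the original message; the function names `classify` and `audit` are hypothetical, and it assumes the per-device `ro` attribute that Linux exposes under `/sys/class/block/`.

```shell
#!/bin/sh
# Added example: for each mounted /dev/* filesystem, report whether the
# read-only state comes from the block layer or only from mount options.

# classify MOUNT_OPTS BLOCK_RO
#   MOUNT_OPTS: options field from /proc/mounts, e.g. "ro,relatime"
#   BLOCK_RO:   content of /sys/class/block/<dev>/ro ("1" = device is ro)
classify() {
    case "$2" in
        1) echo "device-ro"; return 0 ;;   # block layer refuses writes
        0) ;;                              # device is writable, check mount
        *) echo "unknown"; return 0 ;;     # flag could not be read
    esac
    case ",$1," in
        *,ro,*) echo "mount-ro-only" ;;    # 'mount -o remount,rw' can undo this
        *)      echo "writable" ;;
    esac
}

# audit [MOUNTS_FILE] [SYSFS_BLOCK_DIR]
#   Prints "<mountpoint> <classification>" per block-backed mount.
audit() {
    mounts=${1:-/proc/mounts}
    sysfs=${2:-/sys/class/block}
    while read -r dev mnt fstype opts rest; do
        case "$dev" in
            /dev/*) ;;
            *) continue ;;                 # skip proc, tmpfs, etc.
        esac
        # Resolve symlinks such as /dev/mapper/<name> to the kernel name.
        real=$(readlink -f "$dev" 2>/dev/null || echo "$dev")
        [ -n "$real" ] || real=$dev
        name=${real##*/}
        flag=$(cat "$sysfs/$name/ro" 2>/dev/null || echo "?")
        echo "$mnt $(classify "$opts" "$flag")"
    done < "$mounts"
}

# Pass --live to audit the running system.
if [ "${1:-}" = "--live" ]; then
    audit
fi
```

A mount reported as `mount-ro-only` is the case the quoted comment dismisses: root can remount it read-write. Only `device-ro` reflects a read-only state enforced below the filesystem.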
