Hi, On Sun, December 16, 2007 13:03, Tetsuo Handa wrote: > Hello. > > David Newall wrote: >> > You won't be able to login to the system because /sbin/mingetty >> > fails to "chown/chmod" /dev/tty* if /dev is mounted for read-only mode. >> >> Good point. So, if only root can modify files in /dev, what's the >> problem you're fixing? (I'm sure you tried to explain this in your >> original post, but your reasons weren't clear to me.) > > In 2003, I was trying to make / partition read-only to avoid tampering system > files. > Use of policy based mandatory access control (such as SELinux) is > one of ways to avoid tampering, but management of policy was a daunting task. > So, I tried to store / partition in a read-only medium so that > the system is free from tampering system files. > > When I attended at Security Stadium 2003 as a defense side, > I was using devfs for /dev directory. The files in /dev directory > were deleted by attckers and the administrator was unable to login. > So I developed this filesystem so that attackers who got root privilege > can't tamper files in /dev directory. What prevents them from mounting tmpfs on top of /dev, bypassing your fs? Also, if they have root there are plenty of ways to prevent an administrator from logging in, e.g. using iptables or changing the password. Greetings, Indan - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
