Date: Sat, 23 May 1998 20:03:23 +0200 From: Carlos <webmaster@healthnet-sl.es> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: Pavol Adamec <palo.adamec@tecton.sk>, "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: Re: Virus on FreeBSD Message-ID: <35670F6B.87F2BBDC@healthnet-sl.es> References: <Pine.BSF.3.96.980522082752.11128A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote:
>
> [...]
>
> To protect the kernel properly, lkms need to be disabled at a sufficiently
> high run-level (possibly always), and appropriate file system stuff
> protected. Personally, I like the idea of using a CD-ROM for a file
> system, but it's not so very fast.
A related topic: the FreeBSD handbook mentions a booting setup with
read-only media involved:
--- from handbook ---------------------------------------------------
24.1.4. Interesting combinations
Boot a kernel with a MFS in it with a special /sbin/init which...
[...]
E -- Acts as a firewall/web-server/what do I know...
This is particularly interesting since you can boot from a write-
protected floppy, but still write to your root filesystem...
--- end ------------------------------------------------------------
How far could one go with a custom CD-ROM used for booting ? Has anyone
such a setup working ?
Carlos Amengual
Healthnet SL
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35670F6B.87F2BBDC>