| From | mcanswer@mcanswer.pl |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: Write protection on SD cards |
| Date | 2011-12-17 07:51 +0100 |
| Organization | ICM, Uniwersytet Warszawski |
| Message-ID | <7tobv7pu6a.fsf@leeloo.local.mcanswer.pl> |
| References | <9hb396F3fcU1@mid.individual.net> <j8rfg7$6n8$1@dont-email.me> <9hkma2Fcu3U1@mid.individual.net> |

Günther Schwarz <strap@gmx.de> writes:

> Tobias Blass wrote:
>
>> On 2011-11-01, Günther Schwarz <strap@gmx.de> wrote:
>> the attacker could (root access provided) e.g. load a kernel
>> module or install another kernel that does not check the write
>> protection switch.
>
> You understood that correctly. The device is supposed to survive in a
> clean state in case the system gets compromised and thus allow for a
> fresh installation without having to insert a CD or doing a PXE boot. It
> should be better in this respect than an extra partition on the main hard
> disk. But still the security needs are moderate.

You can always use some mandatory access control to prevent an attacker from accessing this device and/or from loading kernel modules. The first could be done with SELinux or RBAC, the second with, for example, grsecurity.

Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-11-01 20:31 +0000
Re: Write protection on SD cards Lusotec <nomail@nomail.not> - 2011-11-01 21:48 +0000
Re: Write protection on SD cards Tobias Blass <tobiasblass@gmx.net> - 2011-11-02 13:10 +0000
Re: Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-11-05 11:51 +0000
Re: Write protection on SD cards mcanswer@mcanswer.pl - 2011-12-17 07:51 +0100
Re: Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-12-17 16:32 +0000