Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.security > #75
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!news-transit.tcx.org.uk!rt.uk.eu.org!feeder.erje.net!news-2.dfn.de!news.dfn.de!news.uni-stuttgart.de!news.nask.pl!news.nask.org.pl!news.icm.edu.pl!.POSTED!not-for-mail |
|---|---|
| From | mcanswer@mcanswer.pl |
| Newsgroups | comp.os.linux.security |
| Subject | Re: Write protection on SD cards |
| Date | Sat, 17 Dec 2011 07:51:41 +0100 |
| Organization | ICM, Uniwersytet Warszawski |
| Lines | 19 |
| Message-ID | <7tobv7pu6a.fsf@leeloo.local.mcanswer.pl> (permalink) |
| References | <9hb396F3fcU1@mid.individual.net> <j8rfg7$6n8$1@dont-email.me> <9hkma2Fcu3U1@mid.individual.net> |
| NNTP-Posting-Host | 89-79-4-246.dynamic.chello.pl |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | 8bit |
| X-Trace | news.icm.edu.pl 1324104702 17883 89.79.4.246 (17 Dec 2011 06:51:42 GMT) |
| X-Complaints-To | usenet@news.icm.edu.pl |
| NNTP-Posting-Date | Sat, 17 Dec 2011 06:51:42 +0000 (UTC) |
| User-Agent | Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux) |
| Cancel-Lock | sha1:2uBCHd0UY4hOavZfogh7rKLdkjo= |
| Xref | x330-a1.tempe.blueboxinc.net comp.os.linux.security:75 |
Show key headers only | View raw
Günther Schwarz <strap@gmx.de> writes: > Tobias Blass wrote: > >> On 2011-11-01, Günther Schwarz <strap@gmx.de> wrote: >> the attacker could (root access provided) e.g. load a kernel >> module or install another kernel that does not check the write >> protection switch. > > You understood that correctly. The device is supposed to survive in a > clean state in case the systems gets compromised and thus allow for a > fresh installation without having to insert a CD or doing a PXE boot. It > should be better in this respect than an extra partition on the main hard > disk. But still the security needs are moderate. You can always use some mandatory access control preventing attacker from access to this device and/or from load kernel modules. The first one could be done by SeLinux or RBAC, second one by for ex. GrSecurity
Back to comp.os.linux.security | Previous | Next — Previous in thread | Next in thread | Find similar
Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-11-01 20:31 +0000
Re: Write protection on SD cards Lusotec <nomail@nomail.not> - 2011-11-01 21:48 +0000
Re: Write protection on SD cards Tobias Blass <tobiasblass@gmx.net> - 2011-11-02 13:10 +0000
Re: Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-11-05 11:51 +0000
Re: Write protection on SD cards mcanswer@mcanswer.pl - 2011-12-17 07:51 +0100
Re: Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-12-17 16:32 +0000
csiph-web