[lug] Protecting filesystems [Was: R00tKIT!! Raah!]
D. Stimits
stimits at comcast.net
Wed Jun 15 12:03:05 MDT 2005
One problem is that even if you do something like run entirely from a CD
distro, they *can* still exploit it...but the exploits are in RAM. When
you reboot it, the exploit is erased, you essentially have a new
install. But that new install is still vulnerable and they can do it
again as soon as the reboot is done. Certainly you need to protect the
filesystem, but making it read-only is only a partial solution if the
attacker is a persistent non-script-kiddie. Sometimes I think it would
be nice to have the system RAM itself somehow loopback encrypted, right
down to the last byte of memory...but that would probably require
hardware support and I have no idea how it could be done even with that.
D. Stimits, stimits AT comcast DOT net