Mike McCarty wrote:
John Wendel wrote:
While reading this thread it occurred to me that if disk drives had a
read-only switch, then systems would be uncrackable. Automated updates
would be impossible, but I could live with a complicated update
process if it would guarantee that my programs couldn't be compromised.
Can someone tell me why this isn't a good idea? There must be a fatal
flaw that I don't see, or else someone would be selling drives like this.
There are several possible interactions. These occur to me immediately.
First, if this were done on a disc which contained the syslogs,
then no syslogs could be made.
Second, if this were done where mount info and so forth get stored,
then the system couldn't boot.
Third, if this were done to a "data file only" disc, then access time
information could not be stored.
Mike
I guess most people wouldn't want to dedicate an entire disk for this
function, but I'm sure that the disk drive firmware could write
protect just a portion of the drive. Maybe the first 10GB (or some
jumper selectable size) could be read-only (with a switch).
/var needs to be on a writable partition. But there shouldn't be any
executable files in /var. There are special filesystems ("unionfs" ?)
that redirect writes to a read-only file to a copy of the file in a
writable partition (I think).
/etc needs to be cleaned up so that any configuration or status files
that require dynamic updates are stored in /var/etc. Again, maybe the
unionfs would fix this problem.
Maybe a small ramdisk could hold the config files from /etc that need
to change when the system boots.
I always mount my data disks with noatime and noexec. But I'm not
really concerned with data files, just executable programs.
I suspect that all the software pieces to make this happen already
exist, used now for live-CDS and such. Somebody just needs to make the
read-only disk drive.
Regards,
John
