[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moscowchannel.com hack



On Sun, 1 Sep 1996 12:22:40 -0500 (CDT), Igor Chudov @ home wrote:

>> > > Write your web site to a CD-ROM and hard-code the base directory into the
>> > > webserver.
>> > 
>> > A hacker who has root can forcibly unmount the cdrom and mount another
>> > directory on that node. Not a good solution.
>> 
>> Real hard disks such as RL02's & RK07's have WRITE DISABLE
>> switches....
>> 
>
>You can't mount the whole Unix read-only, so there will always be a place
>to put the hacked web page, and then mount that place over DocumentRoot.
If you had enough RAM in the machine, you could disable swapping, send all log
files to /dev/nul (or /dev/lp0), run *only* a web server or anything else that
can avoid writing to disk (probably no CGI, etc).  It wouldn't be too
interesting, but then you probably don't want much happening on your web server
anyway. You could even wire that write-disable switch or jumper into a
keyswitch on the main console.

- "'Anonymity is bad,' says a source who wishes to remain anonymous." - Nuff' said.
* Home: Chris Adams <[email protected]> | http://www.io-online.com/adamsc/adamsc.htp
* Autoresponder: send email w/subject of "send resume" or "send PGPKEY"
* Work: [email protected] | V.M. (619)515-4894 | (619)689-6579
* Member in good standing of the GNU whirled hors d'oeuvre