[SOLVED] Can malware on comp get onto mounted read-only media when using livedvd?
PURPOSE: check if my understanding is correct.
Malware on an infected computer can & usually will get onto a livedvd in use, though removed upon a restart since only temporarily in RAM.
Thus, malware should easily be able to get onto any media (hdd/pendrive) mounted through the livedvd (unless media is write-protected).
Malware has to "write" to the disk to get onto it.
QUESTION: when mounting an external hdd (to an infected computer) as READ-ONLY, does this mean that malware from the computer will not be able to get onto the external hdd anywhere?
My question stems from thinking that maybe the malware can get onto the ext hdd in somewhat of a ‘dormant’ form, but not write to files until a later time when the hdd is NOT in read-only mode.
At the same time, I’m wondering if the files are the only part of the media that is in ‘read-only’ mode, or, conversely, if the “entire hdd” is in read-only mode.
Lastly, my guess is that the "livedvd" is completely irrelevant, and that malware can not get onto the disk (anywhere) b/c it would have to write to the disk to do so and it can not in 'read-only' mode.
Knowing this for certain is very important to me. Thanks.
Last edited by duupunisher2x; 08-24-2020 at 12:54 AM.
At the same time, I’m wondering if the files are the only part of the media that is in ‘read-only’ mode, or, conversely, if the “entire hdd” is in read-only mode.
Yes, this is precisely the problem.
When you mount a disk read-only, this means that you can't write to the files and directories on the filesystem that resides on the disk.
However, you can still write to the disk device, for example by writing to /dev/sdb1. So, yes it is possible for a program to alter the content of a disk that is mounted read-only. It won't be dormant; the effect would be immediate.
A DVD is different. DVD-Rs can't be written at all, I would think (but I may be wrong). DVD-RWs can be written in principle, but I don't think it works the same as an HDD. SD cards have a read-only switch, and some USB drives might enable you to make them read-only as well. When set to read-only, software should be unable to write to them at all.
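The distinction drawn in the answer above, between a read-only mount and a writable disk device, can be checked from the shell. This is an added example, not part of the original thread: the `MOUNTS` and `SYSFS` variables and the function names are assumptions made for illustration, and the script compares the mount options in `/proc/mounts` with the kernel's per-device `ro` flag under `/sys/class/block`.

```shell
#!/bin/sh
# Added example: report read-only state at the filesystem layer and the block layer.
# MOUNTS and SYSFS can be overridden to run the check against a constructed tree.
MOUNTS="${MOUNTS:-/proc/mounts}"
SYSFS="${SYSFS:-/sys/class/block}"

# fs_ro MOUNTPOINT -> "ro" or "rw" taken from the mount options (last mount wins)
fs_ro() {
    awk -v mp="$1" '$2 == mp { r = ($4 ~ /(^|,)ro(,|$)/) ? "ro" : "rw" }
        END { if (r == "") exit 1; print r }' "$MOUNTS"
}

# mount_dev MOUNTPOINT -> source device of the mount, e.g. /dev/sdb1
mount_dev() {
    awk -v mp="$1" '$2 == mp { d = $1 }
        END { if (d == "") exit 1; print d }' "$MOUNTS"
}

# dev_ro DEVICE -> "ro" or "rw" taken from the kernel block-layer flag.
# Fails for sources whose basename is not a sysfs block name (e.g. /dev/mapper/*).
dev_ro() {
    f="$SYSFS/$(basename "$1")/ro"
    [ -r "$f" ] || return 1
    if [ "$(cat "$f")" = "1" ]; then echo ro; else echo rw; fi
}

# check_mount MOUNTPOINT -> one-line verdict; returns 0 only if the device is ro
check_mount() {
    fs=$(fs_ro "$1") || { echo "unknown: $1 is not mounted"; return 2; }
    dev=$(mount_dev "$1")
    blk=$(dev_ro "$dev") || { echo "unknown: no block flag for $dev"; return 2; }
    case "$fs/$blk" in
        */ro)  echo "protected: $dev is read-only at the block layer (fs=$fs)" ;;
        ro/rw) echo "exposed: $1 is mounted ro but $dev accepts raw writes"
               return 1 ;;
        *)     echo "writable: $1 and $dev are both read-write"
               return 1 ;;
    esac
}

# Stand-alone use: sh check.sh /mnt/ext
if [ $# -gt 0 ]; then check_mount "$1"; fi
```

The block-layer flag can be set in software with `blockdev --setro /dev/sdb1`, and root can clear it again with `blockdev --setrw`.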
So, if the malware writes to a partition while read-only - what happens once the disk is 'no longer' in read-only mode? My guess is that the malware can move onto the files and directory at that point, infecting them, or sort of 'sit on the files' waiting for the files to be opened, at which point only THEN will the file(s) become infected (unless reading in read-only)......?
thanks again
Last edited by duupunisher2x; 08-24-2020 at 06:57 AM.
As a side note, is it fair to say that when files are in a directory, and malware is present, that the directory acts as a "preventive wall" thereby preventing the malware from getting on the files themselves - until the directory is executed?
As a side note, is it fair to say that when files are in a directory, and malware is present, that the directory acts as a "preventive wall" thereby preventing the malware from getting on the files themselves - until the directory is executed?
A directory doesn't protect files, it just contains them. And you can't execute a directory.
Directories don't get executed. They have an "execute" bit which, when set, allows their contents to be accessed, but no code is actually run when this happens because all a directory file can contain is filenames and their corresponding inodes.