Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I may be nuts, or paranoid, but it's not as if I have the reputation of a "guru" to lay on the line here. :-)
I have been trying to edit my fstab file so as to mount my main, system partition read-only by default. So far, however, I have failed to achieve this seemingly simple objective. I have exhausted the advice given to me here by others; nothing has worked. Now I need some independent third party/parties to double check my findings for themselves and report back here.
I have tried this on two different bang-up-to-date distros with the same results. Their kernels aren't the same, but the results are. I will post the kernel details on request if necessary, but please try this for yourselves first to ensure I haven't made some STOOPID mistake!
Here's what to do:
Edit your fstab in any way you please to make it so your main, system partition is mounted read-only on boot-up.
Check with "mount" after re-booting that this has taken effect.
Now try to write/save something to the filesystem on this partition.
Please let me know what happens!
NB, very latest kernels only, please.
It's not gonna be as simple as saying "mount / read-only". You're gonna need to do additional work, such as creating links to writeable file systems for files that need to be, well, writeable. Your best bet might be to download a live distro that runs with its root file system on the CD-ROM and see how they do it. One example of such a distro is Devil-Linux. Also, keep in mind that making your root file system be read-only doesn't really accomplish much with regards to security. If your box is rooted, the attacker simply needs to remount the file system read-write. I guess what I'm saying is, make sure you understand that a read-only file system is not the same as read-only media.
EDIT: BTW, I've edited the thread title to something a bit more sensible.
It's not gonna be as simple as saying "mount / read-only".
Well there's still some part of the puzzle missing. I'm simply inviting people to perform this test for themselves and report back their findings. Better to scare a few people unnecessarily-temporarily than to have them genuinely exposed to severe risk through saying nowt.
I feel I should also point out that when a user specifies that the partition he wants to mount be mounted as READ-ONLY, and the operating system confirms that this HAS INDEED BEEN DONE - that he should be able to RELY on this confirmation, without subsequently finding out to his horror - as I have - that the bloody thing remains writable!!!
If I mount a partition using fstab on my system ro, then it is ro, impossible to write to it.
Thanks, Repo. Good ol' Debian!
Btw, the two distros I refer to where I have been unable to make read-only sticky, are PCLinuxOS and Linpus. I haven't tried this with any others; although I have tried these distros with other machines and got the same failure.
Actually, I think I'll just install Ubuntu 8.1 (Debian based) and see if I still have the same problem.....
Last edited by Completely Clueless; 04-19-2009 at 05:10 AM.
mount however kept giving mounted rw, but it was ro
My guess is that is due to /etc/mtab not being able to be updated, since at that point the file system is read-only. If that's the case, then replacing /etc/mtab (after backing it up) with a link to /proc/mounts should do the trick, methinks.
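The mismatch discussed in the last reply, where "mount" reads a stale /etc/mtab while the kernel's table in /proc/mounts holds the real state, can be checked directly. The script below is an added example, not part of the thread; the function names and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample tables are constructed.

# mount_mode TABLE MOUNTPOINT: print ro, rw or unknown for MOUNTPOINT.
# Options are split on commas and compared exactly, so "errors=remount-ro"
# is not mistaken for "ro". The last matching line wins because the kernel
# table can list "rootfs /" before the real root device.
mount_mode() {
    awk -v mp="$2" '
        $2 == mp { opts = $4 }
        END {
            mode = "unknown"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == "ro" || o[i] == "rw") mode = o[i]
            print mode
        }' "$1"
}

# compare_tables KERNEL_TABLE MTAB MOUNTPOINT: report agreement or a stale mtab.
compare_tables() {
    k=$(mount_mode "$1" "$3")
    m=$(mount_mode "$2" "$3")
    if [ "$k" = "$m" ]; then
        echo "consistent:$k"
    else
        echo "stale-mtab:kernel=$k,mtab=$m"
    fi
}

# make_sample DIR: write constructed copies of both tables into DIR.
make_sample() {
    cat > "$1/proc_mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda1 / ext3 ro,relatime,errors=continue 0 0
/dev/sda2 /home ext3 rw,relatime 0 0
EOF
    cat > "$1/mtab" <<'EOF'
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda2 /home ext3 rw 0 0
EOF
}

# Demo on the constructed tables; on a real system run:
#   compare_tables /proc/mounts /etc/mtab /
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
compare_tables "$demo_dir/proc_mounts" "$demo_dir/mtab" /
rm -rf "$demo_dir"
```

A "stale-mtab" result means the output of "mount" cannot be trusted for that mount point; the kernel column is the authoritative one.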