[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenBSD on a single floppy
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: OpenBSD on a single floppy
- From: Andrew M Hoerter <amh_(_at_)_POBOX_(_dot_)_COM>
- Date: Thu, 11 Apr 2002 00:44:21 -0400
On Tue, 9 April 2002 A.D., Ben Goren wrote:
> Easy, there! I didn't say that there are no advantages to
> read-only systems, just that the ability to reboot to get rid of
> the invader is a figment of one's imagination. That one I'll stand
Agreed. You just seemed overly dismissive of compressing things down
to a floppy size (not necessarily *on* a floppy). There's a time and
place for it, and it doesn't necessarily involve a bong beforehand.
Getting away from security for a minute, being able to carry around a
semi-capable UNIX-on-a-floppy has tremendous utility in a lot of
situations. Rescue disk, creating a temporary workstation on a
foreign PC, etc. Take a look at "tomsrtbt" in the Linux world to see
some interesting possibilities (despite the fact that Linux is icky).
> The only class of vulnerabilities I can think of off the top of my
> head where a read-only system might hinder an attacker are temp
> file race conditions and their cousins..
Most /tmp file races are local in nature, and I doubt a system running
off a floppy will have many local users. Besides, /tmp would still be
writeable anyhow, except in very constrained situations.
I think of it like a firewall (in the traditional architectural
sense). A fire can still break out in your building, but a firewall
tends to limit the spread to certain areas. Also consider some of the
FS mount flags that could be used well in combination with a readonly
OS image (i.e. on the volatile filesystems).
> All in all, making a filesystem unwriteable to protect against
> attacks is all too much like the attempts to create compilers that
> make the stack non-executable: it'll protect against one class of
> vulnerabilities to a limited extent, at a great expense of
What functionality is nullified by making the stack non-executable?
(that wasn't entirely rhetorical, I'm really curious to know)
I bet the same argument was used when the first person made text
segments unwriteable: "but my self-modifying code will break!"
Sorry, I did kind of hijack your original response to do a general rant,
so for that I apologize.
"A long habit of not thinking a thing wrong, gives it a superficial
appearance of being right."
-- Thomas Paine