
Re: OpenBSD on a single floppy

On Tue,  9 April 2002 A.D., Ben Goren wrote:

> Easy, there! I didn't say that there are no advantages to
> read-only systems, just that the ability to reboot to get rid of
> the invader is a figment of one's imagination. That one I'll stand
> by.

Agreed.  You just seemed overly dismissive of compressing things down
to a floppy size (not necessarily *on* a floppy).  There's a time and
place for it, and it doesn't necessarily involve a bong beforehand.

Getting away from security for a minute, being able to carry around a
semi-capable UNIX-on-a-floppy has tremendous utility in a lot of
situations.  Rescue disk, creating a temporary workstation on a
foreign PC, etc.  Take a look at "tomsrtbt" in the Linux world to see
some interesting possibilities (despite the fact that Linux is icky). 

> The only class of vulnerabilities I can think of off the top of my
> head where a read-only system might hinder an attacker are temp
> file race conditions and their cousins..

Most /tmp file races are local in nature, and I doubt a system running
off a floppy will have many local users.  Besides, /tmp would still be
writeable anyhow, except in very constrained situations.

I think of it like a firewall (in the traditional architectural
sense).  A fire can still break out in your building, but a firewall
tends to limit the spread to certain areas.  Also consider some of the
FS mount flags that could be used well in combination with a read-only
OS image (i.e. on the volatile filesystems).

> All in all, making a filesystem unwriteable to protect against
> attacks is all too much like the attempts to create compilers that
> make the stack non-executable: it'll protect against one class of
> vulnerabilities to a limited extent, at a great expense of
> functionality.

What functionality is nullified by making the stack non-executable?

(that wasn't entirely rhetorical, I'm really curious to know)

I bet the same argument was used when the first person made text
segments unwriteable: "but my self-modifying code will break!"

Sorry, I did kind of hijack your original response to do a general rant, 
so for that I apologize.

"A long habit of not thinking a thing wrong, gives it a superficial
 appearance of being right."
               -- Thomas Paine
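
Added example, not part of the original message: a small Python audit of the mount-flag idea mentioned above (a read-only OS image with restrictive flags on the volatile filesystems). The fstab contents are constructed, and the policy it checks (root must be `ro`; every other writable filesystem should carry `nodev`, `nosuid` and `noexec`) is an assumption made for illustration.

```python
# Added example: audit an fstab-style table against an assumed policy.
# Column order follows fstab(5): device mountpoint fstype options dump pass

HARDENING = ("nodev", "nosuid", "noexec")

# Constructed sample, not taken from the original post.
SAMPLE_FSTAB = """\
/dev/fd0a  /      ffs   ro                        0 0
/dev/wd0b  none   swap  sw                        0 0
swap       /tmp   mfs   rw,nodev,nosuid,-s=8192   0 0   # noexec missing
swap       /var   mfs   rw,-s=8192                0 0
/dev/wd0d  /home  ffs   rw,nodev,nosuid,noexec    1 2
"""


def parse_fstab(text):
    """Return a list of (mountpoint, fstype, set_of_options) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed fstab line: {raw!r}")
        entries.append((fields[1], fields[2], set(fields[3].split(","))))
    return entries


def audit(text):
    """Map each non-compliant mount point to the options it lacks."""
    findings = {}
    for mountpoint, fstype, options in parse_fstab(text):
        if fstype == "swap":
            continue  # swap space is not a mounted file tree
        if "ro" in options:
            continue  # read-only image: nothing can be planted on it
        if mountpoint == "/":
            # Root holds /dev and the system binaries, so the assumed
            # policy only asks that it be read-only.
            findings[mountpoint] = ["ro"]
            continue
        missing = [flag for flag in HARDENING if flag not in options]
        if missing:
            findings[mountpoint] = missing
    return findings


if __name__ == "__main__":
    for mountpoint, missing in audit(SAMPLE_FSTAB).items():
        print(f"{mountpoint}: missing {','.join(missing)}")
```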