> I do think read-only media is an interesting idea, by the way :) Dale is
> right though, there are still vulnerabilities. Personally, I like the idea
> of marking the files immutable myself. This way, even root can't change the
> content unless the machine is brought down into single-user mode. Not sure
> how many other operating systems support this other than (the great) BSDI
> though.
I just have a couple of points to bring up on this thread:
1. My comment was partially meant as a joke, it's horribly impractical
for ISP's and Univerisities and such to require operator intervention
every time a webpage needs to be updated. Such a level of paranoia
*might* only be appropriate for government agencies and authoritative
advanced research sites.
2. With regards to marking files immutable: If I really wanted to secure
a file, I wouldn't do it with software security. No way no how absolutely
not - this is the whole point, hardware-level security is the entire point
behind R/O media. I myself would only feel comfortable with jumpering the
hard drive as read-only or mounting a CD-ROM if I ever had to go to such a
level of paranoia.
Mike Idengren | MEISTER
---------------------------------+----------------------------------
Center for Information Technology| Alachua Free-Net IRC Administrator
Stetson University | WorldWide Free-Net IRC Network Coordinator
Follow-Ups:
|
|
