> you can mount the storage as read-only - any unix filesystem will
> support read-only mount, and provided your root account isnt
> compromised, no one can remount it as write. Root cant write to
> read-only mounted filesystems without remount either.
>
> mount -r /dev/da2 /readonly in BSD land..
Beware, however, that on journaling file systems such as
ReiserFS or EXT3 you might incidentially change the file
system although it is mounted read-only:
http://www.mail-archive.com/reiserfs-list (at) namesys (dot) com [email concealed]/msg20263.html
Cheers,
Stefan.
--------------------------------------------------------
Stefan Kelm
Security Consultant
> support read-only mount, and provided your root account isnt
> compromised, no one can remount it as write. Root cant write to
> read-only mounted filesystems without remount either.
>
> mount -r /dev/da2 /readonly in BSD land..
Beware, however, that on journaling file systems such as
ReiserFS or EXT3 you might incidentially change the file
system although it is mounted read-only:
http://www.mail-archive.com/reiserfs-list (at) namesys (dot) com [email concealed]/msg20263.html
Cheers,
Stefan.
--------------------------------------------------------
Stefan Kelm
Security Consultant
Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
stefan.kelm (at) secorvo (dot) de [email concealed], http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B
Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox
[ reply ]