IDE write-protect like scsi?

Post by John McKow » Sat, 26 Sep 1998 04:00:00



Um, couldn't you just mount the file-system as read-only? The mount command
would be something like:

mount /dev/hda5 /webspace -oro

The directory /webspace and all files in that directory along with all
sub-directories and files would be read-only. Not even root could write to
one of them without remounting the drive as rw.

 
 
 


Post by John McKow » Sat, 26 Sep 1998 04:00:00


You a kernel hacker? If so, I *think* that you could go into the source
code for the IDE driver and change it so that it would refuse to write to
the HD at all. You'd then create your custom Linux kernel like any other.
When you booted from it, the software simply wouldn't write to the HD. You'd
need to reboot using a different kernel. Make your custom kernel the default
loaded by LILO so that if, somehow, the system got rebooted, it would
default to the no-write kernel. But the more I think about this the worse it
gets. Doesn't Linux want to write stuff to the /var and /tmp subdirectories?
Maybe make specific partitions read-only via the kernel modification. I
guess this wouldn't secure against INT 13, but if you can't write to the HD,
how would the intruder install his/her modifications?

Another thought, if this is a separate machine, why not just get rid of root
and mount the HD read-only? If nobody has authority to issue mount command
and the /etc/fstab says to mount read-only, how could they add/delete/modify
any files on that partition?

If this is a shared machine, can you reboot it when on the Internet? If so,
create a kernel image which has a different "/" partition from the "real"
one. That "/" would be stand-alone (no access to any other partitions
defined in its /etc/fstab). Remove root from that partition's security (or
remove the mount command entirely). Again, make this the default boot kernel
for LILO. If the partition is read-only and there is no mount command
available, then I simply don't see any way for an intruder to
add/delete/modify a file. Without mount, the partition cannot be made
writable. If the partition cannot be made writeable, nobody can
add/delete/modify any files or directories. Of course, your alternate kernel
would boot with a different partition as "/" which would have root in the
security file. Perhaps having your Web's "/" mounted at a different mount
point. A real waste of disk space, but that's all I can think of.
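
The posts above rest on a partition staying read-only, and that only holds until someone remounts it rw. The following is an added example, not part of the original posts: a check that compares the options requested in /etc/fstab with the live mount table and reports drift. The function names and the sample table lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): spot a read-only partition that has
# been remounted rw. /etc/fstab and /proc/mounts share the field layout
#   device  mountpoint  fstype  options ...

# Print the options field for a mount point. The last matching line wins,
# because a later mount on the same directory hides the earlier one.
mount_opts() {  # $1 = table file, $2 = mount point
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { o = $4 }
                    END { if (o != "") print o }' "$1"
}

# Succeed only if "ro" appears as a whole comma-separated option, so that
# "errors=remount-ro" on a writable mount is not mistaken for read-only.
has_ro() {
    case ",$1," in *,ro,*) return 0 ;; *) return 1 ;; esac
}

# 0 = ro in both tables, 1 = fstab says ro but the live mount is writable,
# 2 = fstab does not request ro, 3 = mount point is not currently mounted.
audit_ro() {  # $1 = fstab, $2 = live mount table, $3 = mount point
    has_ro "$(mount_opts "$1" "$3")" || return 2
    live=$(mount_opts "$2" "$3")
    [ -n "$live" ] || return 3
    has_ro "$live" || return 1
    return 0
}

# Constructed sample data: fstab asks for ro on /webspace, but the live
# table shows the partition writable, as after "mount -o remount,rw".
SAMPLE_FSTAB='/dev/hda1 / ext2 defaults 1 1
/dev/hda5 /webspace ext2 ro,nodev,nosuid 0 2'
SAMPLE_MOUNTS='/dev/hda1 / ext2 rw,errors=remount-ro 0 0
/dev/hda5 /webspace ext2 rw,nosuid,nodev 0 0'

demo() {
    f=$(mktemp); m=$(mktemp); rc=0
    printf '%s\n' "$SAMPLE_FSTAB" > "$f"
    printf '%s\n' "$SAMPLE_MOUNTS" > "$m"
    audit_ro "$f" "$m" /webspace || rc=$?
    rm -f "$f" "$m"
    return "$rc"
}

status=0; demo || status=$?
echo "audit_ro /webspace -> $status"
# On a live system: audit_ro /etc/fstab /proc/mounts /webspace
```

A result of 1 means the partition is writable although fstab asks for ro. Because the check runs on the same host, it is best run from a scheduled job that reports off the machine.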

 
 
 

1. modding IDE cable to write-protect compact flash?

hi all:

I am involved in a mini-project that is to build a solid state computer
(mini-ITX based) that will feature read-only medium. we have chosen
compact flash for its relatively cheap cost and larger capacity. and due
to the physical limitations of the setup, we cannot use the popular
USB-flash sticks that come with a write-protect switch, we have to stick
with a CompactFlash-to-IDE converter.

it would be really nice if we could somehow protect the data on the
Compact Flash on a physical layer. we have thought about mounting the
Compact Flash read-only, but that doesn't protect the data on the Compact
Flash from being modified if someone gained super-user access to this machine.

i am wondering if it is feasible to short a few pins in the standard IDE
cable, so that the write signal does not get passed onto the Compact Flash
card. has anyone attempted similar solutions? i would really appreciate
any pointers and suggestions.

Thanks in advance.
