From: Helge Hafting <helgehaf@idb.hist.no>
To: root@chaos.analogic.com, linux-kernel@vger.kernel.org
Subject: Re: Writes to mounted devices containing file-systems.
Date: Fri, 10 Aug 2001 15:23:45 +0200
Message-ID: <3B73E061.25A4655F@idb.hist.no>
In-Reply-To: <Pine.LNX.3.95.1010810075750.10479A-100000@chaos.analogic.com>

"Richard B. Johnson" wrote:
>
> Is it possible that Linux could decline to write to a device that
> contains mounted file-systems? OTW, don't allow raw writes to
> devices or partitions if they are mounted; writes could only
> be through the file-systems themselves.
>
> One of my file-servers was destroyed by an in-house hacker,
> (consultant) rented by our alleged Chief Information Officer,
> to destroy Linux systems and thereby show that they can't
> be used in a "professional" environment.

[...]

> I have about 20 megabytes of logs showing the machine being
> attacked from inside our firewall.

If doing that sort of thing to a server (as opposed to some
poor test machine) is okay in your company... well consider
"testing" the security on *all* the non-linux machines as well.
There are so many exploits out there, including but not limited
to those funny email viruses - and you get to run them
from within the firewall!

[...]

> Microsoft FUD has convinced a lot of companies that they will
> be subjected to stockholder lawsuits and customer rejection if
> they use Linux or any of those "insecure" Unix-type machines.
>
> In this company, they hired a "CIO" who thinks that no computers
> should have any local storage or boot capability. They must all
> boot from some secure (M$) file-server. They will not be allowed
> to have local disks and, horrors -- of course no floppy drives or
> CD-ROMS.
>
> He doesn't care that we are in the business of making software-driven
> machines so we require access to the guts of computers and their
> operating systems.

Looks like this business is going to fail soon enough...
Start looking for other employment - avoid the rush when
it collapses.

> Linux development needs to know about the "big lie" method of
> forcing everybody to use what big companies (or the government)
> want you to use. Think, for a minute, about what "everybody knows".
>
> "Everybody knows" relates to something that is so commonly accepted
> that nobody bothers to check if it's true or not.
>
> Everybody knows:
> "global warming..."
> "greenhouse gasses..."
> "asbestos as a carcinogen..."
> "etc..."
>
> The next one will be:
>
> "Linux is insecure..."
>
> So, if it is at all possible to help improve its security without
> hurting its performance very much, it's really a matter of life-or-
> death for Linux. Otherwise "they" will get us.

Now, if you want a safe machine in such a hostile environment,
consider using a read-only boot device. I.e. a cdrom, or
a harddisk jumpered read-only after the initial configuration.
You can then boot fast, and have work files on their secure server.

Helge Hafting