Hi, one reason for software write protection is that people using flash/hard disk at the moment have no other possibilities. And even if it is not perfect, it is better than nothing.
If you set the system up in a way, that you cannot execute the files you can write and you cannot write the file you can execute, an intruder can only work with the programs available on the system (if there is no tool on the system to change the protection setup) Have a look at my earlier post on the devel list: http://sourceforge.net/mailarchive/forum.php?thread_id=790382&forum_id=5484 I don't see a way to change the write and execute protection when mount is not available, but maybe the list knows one? Manfred Mike Noyes schrieb: > > On Fri, 2002-06-28 at 07:49, John Klar wrote: > > Very recently on linux-kernel somebody posted a capabilites based method > > of securing a disk something along the lines of boot, mount the media, > > remove the userspace mounting tools and drop write privs. > > > > On the IDE/CF side you _might_ be able to get away with monkeying with the > > write enable line. This would make the device unresponsive (not even > > readable) and probably confuse the kernel. If I get a chance in the near > > future, I may hack a cable to see how well this works (or not). Note that > > I don't run with the filesystem live, I still populate a ramdisk from > > .lrp's. > > John, > Both of these ideas were discussed earlier on the devel list. Write > protect implementations using software can be defeated, and the IDE > specifications prevent the second solution from working. > > Note: we should probably move any further hardware discussion to the > leaf-hardware list. > > ATA-Disk Module > http://www.sst.com/products/58sm_lm.html > ATA-Disk Chip Application Notes > http://www.sst.com/superflash/pdf/222.pdf > ATA-Disk Module Product Brief > http://www.sst.com/ata_disk/admbrief.pdf > ATA-Disk Module (Apacer) > http://www.apacer.com/product/flash/index_adc_adm.html > > -- > Mike Noyes <[EMAIL PROTECTED]> > http://sourceforge.net/users/mhnoyes/ > http://leaf-project.org/ > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Caffeinated soap. No kidding. > http://thinkgeek.com/sf > > _______________________________________________ > Leaf-devel mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-devel -- Manfred Schuler E_Mail: mailto:[EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek No, I will not fix your computer. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
