On Fri, 30 Jan 2009, Petter Reinholdtsen wrote:
[Henrique de Moraes Holschuh]
Err, how can it NOT be safe to write there?
If something try to write there before /etc/rcS.d/S02mountkernfs.sh
has executed, it will not be possible to write to /lib/init/rw/.
There shouldn't EXIST a
On Sun, 25 Jan 2009, Petter Reinholdtsen wrote:
The file is created to make sure programs and scripts starting very
early in the boot can know if it is possible and safe to write to
/lib/init/rw/. Not much is using it yet, but I believe that area
might be key to solving the problems
[Henrique de Moraes Holschuh]
Err, how can it NOT be safe to write there?
If something try to write there before /etc/rcS.d/S02mountkernfs.sh
has executed, it will not be possible to write to /lib/init/rw/.
What would be an example of expected use of that marker? I don't
get it, either.
I am clearly late to the party, but this issue is still unresolved in
Debian stable (presently etch). More than two years in the waiting.
Ouch.
I don't see how an empty dot-file could be a useful part of a rootkit,
and neither an empty directory or one that contains nothing more than
other
[Kenny]
I am clearly late to the party, but this issue is still unresolved
in Debian stable (presently etch). More than two years in the
waiting. Ouch.
One can only wonder why the rootkit detectors still believe this file
is dangerous after more than two years, yes.
What is using this
Wouldn't it be possible to patch chkrootkit not to ignore certain
hidden files/dirs in every case, but only if they are empty?
I don't see how an empty dot-file could be a useful part of a rootkit,
and neither an empty directory or one that contains nothing more than
other empty files.
--
To
6 matches
Mail list logo