Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
Re: [suse-security] root fs read-only
  • From: Juergen Ellinger <ellinger@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 18 Jul 2000 15:14:12 +0200 (MET DST)
  • Message-id: <Pine.GSO.4.21.0007181454470.26970-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
usually the root-fs is mounted read-only by the kernel itself. The
init-process reads fstab and mounts the filesystems according to it after
checking them (see /sbin/init.d/boot for details). I don't think that you can
perform any writes to an ro-mounted fs. I suppose instead that your root-fs
is mounted rw. To test it use mount w/o any parameters. The output will look
like this:

/dev/hda1 on / type ext2 (rw)
proc on /proc type proc (rw)
/dev/hdc5 on /home type ext2 (rw,usrquota)
devpts on /dev/pts type devpts (rw,gid=5,mode=0620)

The last field in brackets shows the mounting options. I would expect your
System showing / mounted rw. So you should seek for any calls to mount within
the init-scripts, that remount / rw. The call should look like this:

mount -no remount,rw /

If you find the scripts beeing modified, you should check whether you have
been hacked...

hope that helps!


Btw: It sounds stupid, bud stupid mistakes are often hard to find - is there
another line below your entry "/ ext2 (ro)" that causes a second remount of
your root-fs rw?

Nikolai Dahlem wrote:

>I try to mount my root-fs readonly.
>My fstab contains
>/ ext2 (ro)
>and the msg during boot process say it mounted read-only, but in fact it's
>not; I can cp/mv/rm files and evertyhing. Strange thing is /boot ext2 (ro)
>Any suggestions ?

Jürgen Ellinger
Siemensstraße 44
88250 Weingarten


< Previous Next >
Follow Ups