>>> They could certainly do it, but there will be no /dev on this
>>> partition ...
>> so they use a /sbin/init that has their own devfs, or it's own
>> ramdisk .. the point is:  if someone can get to RB_ASKNAME, you've
>> lost.
> No, because there's no /sbin at all

If the attacker can write a file anywhere the booter can load it,
you've lost.  Perhaps most simply, that file can be a kernel with a
ramdisk filesystem including a full-fledged OS - there are many other
possibilities.

If the machine has no writable drives at all, you are probably okay.
Probably.  I wouldn't want to count on it.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B