tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Moving rc.d scripts to base.tgz

On Thu, Apr 14, 2011 at 10:19:25PM +0000, Michael van Elst wrote:
> (Thor Lancelot Simon) writes:
> >I should note that this doesn't give me what I want, since if the
> >system still goes looking in /etc for stuff to execute at boot time
> >(or shutdown time, or...) I still can't safely leave /etc mounted
> >read-write.
> Why would other files in /etc have less impact than the rc scripts?

Because they are not programs in general purpose programming languages.
And because they -- generally -- do not control behavior of the system
while the system is at security level 0 such that they can cause
permanent TCB compromise.

If I'm concerned about the possibility of configuring a system daemon
in such a dangerous way, I can remove it -- or elsewise pin down its
configuration.  But removing the shell from a Unix system is a much
more drastic exercise, though I have done that, too.


Home | Main Index | Thread Index | Old Index