On Fri, 30 Jan 2009, Petter Reinholdtsen wrote:
> [Henrique de Moraes Holschuh]
> > Err, how can it NOT be safe to write there?
>
> If something try to write there before /etc/rcS.d/S02mountkernfs.sh
> has executed, it will not be possible to write to /lib/init/rw/.
There shouldn't EXIST a non-wr
[Henrique de Moraes Holschuh]
> Err, how can it NOT be safe to write there?
If something try to write there before /etc/rcS.d/S02mountkernfs.sh
has executed, it will not be possible to write to /lib/init/rw/.
> What would be an example of expected use of that marker? I don't
> get it, either.
H
On Sun, 25 Jan 2009, Petter Reinholdtsen wrote:
> The file is created to make sure programs and scripts starting very
> early in the boot can know if it is possible and safe to write to
> /lib/init/rw/. Not much is using it yet, but I believe that area
> might be key to solving the problems associ
[Kenny]
> I am clearly late to the party, but this issue is still unresolved
> in Debian stable (presently etch). More than two years in the
> waiting. Ouch.
One can only wonder why the rootkit detectors still believe this file
is dangerous after more than two years, yes.
> What is using this f
I am clearly late to the party, but this issue is still unresolved in
Debian stable (presently etch). More than two years in the waiting.
Ouch.
> I don't see how an empty dot-file could be a useful part of a rootkit,
> and neither an empty directory or one that contains nothing more than
> other
Wouldn't it be possible to patch chkrootkit not to ignore certain
hidden files/dirs in every case, but only if they are empty?
I don't see how an empty dot-file could be a useful part of a rootkit,
and neither an empty directory or one that contains nothing more than
other empty files.
--
To U
6 matches
Mail list logo
