Re: How can I prevent users from mounting FAT32 partition?
< Iwo Mergler
>Juha Kustaa Siltala wrote:
>>In article <y6acnf1xp9jJXpCiXTWQlg@giganews.com>, Mark Cudworth wrote:
>>>"Fool" <fool@tom.com> writes:
>>>>I fear that a hacker would gain admin rights in my computer.
>>>recompile your kernel without support for FAT32 file systems. (Don't
>>>even include support as a module.) This won't prevent the committed
>>>cracker from seeing the data on the partition if he/she has root access,
>>Reading unmounted FAT32 is very hard to do (or at least that's what I
>>think :)), most crackers are not very smart.
>Of all the standard RW filesystems, FAT32 is probably the easiest
>to read with a hex editor. Especially if it has been defragmented
>recently.
>
>Even if you don't know anything about the filesystem at all, just
>try the command below for a laugh.
>
> > strings /dev/hda
Here is a tutorial for a beginner SK who doesn't have knowledge of
filesystems or forensics, and where the file has been fragmented.
`man mtools` says "without mounting". If an intruder gets root and the
rights of root are not restricted, they can read the partition even if
the kernel doesn't support FAT32.
---[ ~/.mtoolsrc ]---
drive c: file="/dev/hda16"
# /usr/bin/mdir -a c:
Volume in drive C is A16
Directory for C:/
RECYCLED <DIR>
$ /sbin/lsmod|grep fat
--
Regards, RainbowHat. To spoof or not to spoof, that is the IPv4 packet.
----+----1----+----2----+----3----+----4----+----5----+----6----+----7
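
The point made in the post above, as an added example that is not part of the original thread: a FAT32 root directory can be listed with nothing but seek/read on the device file, so the control that matters is read access to the block device, not which filesystem drivers the kernel has. The function names and the in-memory image are constructed for illustration; the sample volume mirrors the label and directory shown in the mdir output above.

```python
import io
import struct

def list_fat32_root(dev):
    """List a FAT32 root directory using only seek/read on a file object."""
    dev.seek(0)
    bs = dev.read(512)
    if len(bs) < 512 or bs[510:512] != b"\x55\xaa" or bs[82:87] != b"FAT32":
        raise ValueError("not a FAT32 boot sector")
    # BIOS parameter block: sector size, cluster size, reserved sectors, FAT count
    bps, spc, reserved, nfats = struct.unpack_from("<HBHB", bs, 11)
    fat_size = struct.unpack_from("<I", bs, 36)[0]   # sectors per FAT
    cluster = struct.unpack_from("<I", bs, 44)[0]    # first root-dir cluster
    fat_off = reserved * bps
    data_off = (reserved + nfats * fat_size) * bps
    entries, seen = [], set()
    # Follow the cluster chain; 'seen' stops a looping (corrupt) chain
    while 2 <= cluster < 0x0FFFFFF8 and cluster not in seen:
        seen.add(cluster)
        dev.seek(data_off + (cluster - 2) * spc * bps)
        block = dev.read(spc * bps)
        for i in range(0, len(block) - 31, 32):
            e = block[i:i + 32]
            if e[0] == 0x00:                          # end-of-directory marker
                return entries
            if e[0] == 0xE5 or e[11] & 0x3F == 0x0F:  # deleted or long-name slot
                continue
            if e[11] & 0x08:                          # volume label entry
                entries.append(("LABEL", e[:11].decode("ascii", "replace").rstrip()))
                continue
            name = e[:8].decode("ascii", "replace").rstrip()
            ext = e[8:11].decode("ascii", "replace").rstrip()
            kind = "DIR" if e[11] & 0x10 else "FILE"
            entries.append((kind, name + ("." + ext if ext else "")))
        dev.seek(fat_off + cluster * 4)
        raw = dev.read(4)
        if len(raw) < 4:
            break
        cluster = struct.unpack("<I", raw)[0] & 0x0FFFFFFF
    return entries

def build_sample_image():
    """Constructed 3-sector volume: boot sector, one FAT, one root cluster."""
    boot, fat, root = bytearray(512), bytearray(512), bytearray(512)
    struct.pack_into("<HBHB", boot, 11, 512, 1, 1, 1)
    struct.pack_into("<I", boot, 36, 1)
    struct.pack_into("<I", boot, 44, 2)
    boot[82:90], boot[510:512] = b"FAT32   ", b"\x55\xaa"
    struct.pack_into("<I", fat, 8, 0x0FFFFFFF)       # cluster 2 ends the chain
    root[0:12], root[32:44] = b"A16        \x08", b"RECYCLED   \x10"
    return io.BytesIO(bytes(boot + fat + root))
```

The same function accepts any object opened for binary reading, which is why restricting who can open the device node is the relevant control.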