> > No, it's an argument of efficacy. Removing rw from a mount doesn't > remove the ability to write to it for a malicious user. If it > gives you > warm fuzzies, great, do it. But that's all it's going to do for you. > > Mike Stone > >
So the question is if mounting /usr without owner write permissions is effective in increasing security. Clearly it doesn't help protect from a malicious attacker installing a root kit after already compromising root privileges. Much better to run some kind of tripwire program to do integrity checking (and store the chesksums on a physically read only medium), but even this doesn't achieve much given the likes of http://phrack.org/show.php?p=52&a=18 for instance. But maybe there is an argument for it in terms of protecting against accidental corruption of /usr, for example a process running as root has a bug that causes the corruption of files in /usr (but then why are we worrying only about /usr?). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
