On 2003-11-30, Karsten M. Self <[EMAIL PROTECTED]> wrote:
>> I recommend making it far larger than in the Debian security doc
>> though. On my servers I have /boot and /usr read-only, and I've been
>
> You can leave /boot unmounted altogether. The only times it needs to be
> accessed are:
>
> - At boot time, where access is direct to partition, and the partition
>   need not be mounted (indeed, can't be).
>
> - When examining kernel config files and System maps (read-only)
>
> - When installing a new kernel (writeable)

Show me a good reason to separate /boot to a separate partition at all.
What's the extra security we get out of this?

In /boot there are only the kernel images, System.map's, kernel config,
and GRUB config. All that is writable only by root anyway
(perms -rw-r--r-- root.root).

If an attacker gets rights to write or change perms of files there, he can
equally easily remount the partition rw. So what's the point?

-- 
Miernik ________________________ jabber:[EMAIL PROTECTED]
___________________/__ tel: +48608233394
__/ mailto:[EMAIL PROTECTED]
Support impeaching the war criminalist George W. Bush
http://www.votetoimpeach.org/
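
The two conditions this exchange turns on (how /boot is mounted, and whether its files are writable only by their owner) can be checked with a short script. This is an added example, not part of either message; the function names `mount_state` and `loose_files` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the two properties discussed:
# how a mount point is mounted, and whether only the owner can write its files.

# mount_state MOUNTPOINT [MOUNTS_FILE]
# Prints "unmounted", "ro" or "rw", reading /proc/mounts-format lines
# (device, mount point, fstype, comma-separated options, ...).
mount_state() {
    awk -v mp="$1" '
        $2 == mp {
            state = "rw"
            n = split($4, opt, ",")
            # Compare whole options so "errors=remount-ro" is not read as "ro".
            for (i = 1; i <= n; i++) if (opt[i] == "ro") state = "ro"
        }
        END { print (state == "" ? "unmounted" : state) }
    ' "${2:-/proc/mounts}"
}

# loose_files DIR [OWNER_UID]
# Lists entries under DIR that are group- or world-writable, or not owned by
# OWNER_UID (default 0, root). Symlinks are skipped: their mode is always 0777.
loose_files() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 -o ! -user "${2:-0}" \) -print
}

# Constructed sample data (not from a real host).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/mounts" <<'EOF'
/dev/sda2 / ext3 rw,errors=remount-ro 0 0
/dev/sda1 /boot ext2 ro,nosuid,nodev 0 0
EOF
mkdir "$demo/boot"
touch "$demo/boot/vmlinuz" "$demo/boot/System.map"
chmod 755 "$demo/boot"
chmod 644 "$demo/boot/vmlinuz"      # -rw-r--r--, the mode quoted in the thread
chmod 664 "$demo/boot/System.map"   # group-writable: should be reported

for mp in / /boot /usr; do
    printf '%s is %s\n' "$mp" "$(mount_state "$mp" "$demo/mounts")"
done
echo "writable by someone other than the owner:"
# The demo files belong to the current user, so pass that uid here.
loose_files "$demo/boot" "$(id -u)"
```

On a real host, `mount_state /boot` reads /proc/mounts and `loose_files /boot` checks against root by default.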