Karsten M. Self said on Thu, Dec 04, 2003 at 03:35:54AM -0800:
> Given that 30% of spam is reported (Inquirer news story 3 Dec) to
> originate from broadband-connected systems, minimizing the exposed
> vulnerabilities of _any_ system should be a high priority.
> Specifically: allow device and SUID access only where absolutely
> necessary, keep system partitions mounted read-only if possible, protect
> and/or isolate your kernel(s).

What I am trying to determine is the simplest safe partition configuration, assuming that the issue of system recovery from a damaged partition is moot and does not depend upon the host that was damaged. Simplest is probably "smallest number" of, in this case.

Your comments are most helpful. I especially like the small /boot, and leaving it unmounted most of the time.

> > > Well, for starters, /tmp *is* cleared between system boots, and is
> > > appropriate for data which *must* not be preserved between boots. The
> > > definitions are not identical, the directories are not equivalent.
> >
> > Your definition above is much stricter than what the FHS actually says, and
> > under your definition /tmp and /var/tmp are not equivalent. Fair enough.
>
> The FHS allows for what Debian policy requires.

Agreed. Debian policy requires that /tmp and /var/tmp are not the same location.

M
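
An added example, not part of the original message: a small fstab audit for the mount restrictions discussed in this thread (nosuid/nodev, a read-only system partition, an unmounted /boot, and /tmp kept distinct from /var/tmp). The function names, the choice of which mount points fall under each rule, and the sample fstab are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names and the policy below are assumptions.

# audit_fstab: read fstab text on stdin, print one finding per line.
audit_fstab() {
    awk '
    # has(opts, o): true if option o appears in the comma-separated list
    function has(opts, o,   n, i, a) {
        n = split(opts, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == o) return 1
        return 0
    }
    $1 ~ /^#/ || NF < 4 { next }     # skip comments, blank and short lines
    {
        dev = $1; mp = $2; opts = $4
        # Assumed policy: these trees need neither SUID binaries nor device nodes
        if (mp == "/tmp" || mp == "/var/tmp" || mp == "/var" || mp == "/home") {
            if (!has(opts, "nosuid")) print mp ": missing nosuid"
            if (!has(opts, "nodev"))  print mp ": missing nodev"
        }
        # System partition that can stay read-only between upgrades
        if (mp == "/usr" && !has(opts, "ro")) print mp ": not read-only"
        # /boot should be unmounted (noauto) or at least read-only
        if (mp == "/boot" && !has(opts, "noauto") && !has(opts, "ro"))
            print mp ": mounted read-write at boot"
        # A bind mount makes /tmp and /var/tmp the same location
        if ((dev == "/tmp" && mp == "/var/tmp") || (dev == "/var/tmp" && mp == "/tmp"))
            print mp ": same location as " dev
    }'
}

# sample_fstab: constructed input, not taken from any real host
sample_fstab() {
    cat <<'EOF'
# <device> <mount point> <type> <options> <dump> <pass>
/dev/hda1  /boot     ext2  noauto,ro     0 2
/dev/hda2  /         ext3  defaults      0 1
/dev/hda3  /usr      ext3  defaults      0 2
/dev/hda5  /var      ext3  nosuid,nodev  0 2
/dev/hda6  /tmp      ext3  nodev         0 2
/tmp       /var/tmp  none  bind          0 0
/dev/hda7  /home     ext3  nosuid,nodev  0 2
EOF
}

sample_fstab | audit_fstab
```

To check a real host, run `audit_fstab < /etc/fstab` after adjusting the mount-point list to the local layout.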