Hemmann, Volker Armin wrote:
> On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
>> Hemmann, Volker Armin wrote:
>> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
>> >> Hemmann, Volker Armin wrote:
>> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote:
>> >> >> Izar Ilun wrote:

>> > Why should he make /tmp noexec,
>>
>> Security precaution.

> if you have 10+ users with access to the box. But a workstation, without even
> sshd running, it is not needed.

"needed" - What's "needed", anyway?

> And hey, why should /tmp noexec save you from anything?

Because it does.

> If someone is able to break into your box, he can build his tools in /home
> or /var/tmp or somewhere else. No need for /tmp.

Wrong again. If tmp is the only place somebody can write, then
it might save you (and it DID save my ass more than once now).

>> >> > With those sizes, it is nearly impossible to fill / completely up.
>> >>
>> >> And it's impossible to have some flexibility.
>> >
>> > no, it is absolutely flexible
>>
>> Ah. Please explain how you mount /tmp noexec and /usr
>> readonly.
>
> I don't because it is wasted effort.

Of course it's not. So, how do you do that?

> If someone has the right to write to a rw /usr/ partition,

Why should he have that right?

> he has the rights
> to remount a ro /usr as rw

That's of course wrong again.

> and can go on.. It just makes maintenance harder.

Not really.

>> Please also explain, how you separate data areas (like
>> /var and /usr).
>
> I have /var and /usr?

That's not the question. Please answer it. *YOU* are the
one saying that a grossly oversized filesystem offers more
flexibility.

>> I see. Strange thing is, that about every server and workstation
>> I've seen more or less contradicts what you say.
>
> if you have 20+ users on each of them, and every single one is a little
> cracker in disguise, it may make sense, but for a single user box?

Why are you asking?

>> > yes it is. It wastes space,
>>
>> Not really. Some. But not really.
>
> 15% of the space on each partition. That sums up.

Yep. And your 15% are of course less than my 15%, correct?

> If every partition takes a second, it will be very noticeable.

Hardly. (Notice that I'm not saying "No".) While what you're
saying is true in theory, you're exaggerating enormously.
And because of that, you're wrong.

>> If you're *SO* low on hard disk space, I'd advise to buy
>> more harddisks.
>
> more harddisks = higher chance that one of them dies.

Yep. Time to stop those bad backups. You're funny. More
of this, please! 8=)

> It is simple math.

*LOL* _You_ should not talk about maths :)

> I haven't seen any good reason for a bazillion small partitions,

That's of course not what I wrote. BTW: What's a "bazillion"?
More than you can count? More than 5? :) And *YOU* are talking
about maths? *G* You are really making me laugh - thanks!

> that only
> increase your work

Not really.

> and have to be monitored constantly (f* /var is full,
> f* /tmp is full f* I have to remount /usr).

What are you talking about? "constantly"? Well, you know,
if "df" is too hard for you - sorry, pal, tough luck. But
you just cannot expect to be taken seriously.

Alexander Skwar
--
So what is the best way to protect yourself against the ILOVEYOU virus?
Install Linux. If that's not an option, try uninstalling Windows.
		-- Geoff Johnson
--
gentoo-user@gentoo.org mailing list