On Sat, 09 May 2009 08:15:09 -0500, Dale wrote:

> I was talking about with just a plain file system. I read in an install
> guide somewhere when I was installing ages ago that having /boot on a
> separate partition, and not always mounted, was a good security
> practice. That way no one could alter the kernel since it was not
> mounted.

That's a bit of a red herring IMO. If anyone can alter your kernel they can mount the filesystem. The argument about protecting the kernel from corruption is similarly spurious, since you always have a spare copy in /usr/src/linux anyway.

The main reason for doing this was because some BIOSes could work past cylinder 1024 of a drive, so you needed to ensure the kernel was on a filesystem fully within that area. If it were a security issue, then the Gentoo handbook would have recommended this practice for all architectures, not just x86-based ones.

-- 
Neil Bothwick

If you don't pay your exorcist, you get repossessed.