On Sat, 09 May 2009 08:15:09 -0500, Dale wrote:

> I was talking about with just a plain file system.  I read in an install
> guide somewhere when I was installing ages ago that having /boot on a
> separate partition, and not always mounted, was a good security
> practice.  That way no one could alter the kernel since it was not
> mounted. 

That's a bit of a red herring IMO. If anyone can alter your kernel they
can mount the filesystem. The argument about protecting the kernel from
corruption is similarly spurious, since you always have a spare copy
in /usr/src/linux anyway. The main reason for doing this was because some
BIOSes could work past cylinder 1024 of a drive, so you needed to ensure
the kernel was on a filesystem fully within that area.

If it were a security issue, then the Gentoo handbook would have
recommended this practice for all architectures, not just x86-based ones.


-- 
Neil Bothwick

If you don't pay your exorcist, you get repossessed.
