On Saturday 09 May 2009, Dale wrote:
> I was talking about with just a plain file system. I read in an
> install guide somewhere when I was installing ages ago that having
> /boot on a separate partition, and not always mounted, was a good
> security practice. That way no one could alter the kernel since it
> was not mounted.
>
> I do agree that if a person was on the system and able to get root
> access, they could then mount the /boot partition as well. I never
> was really sure why this was thought to work. I used a separate
> /boot because for a while I was dual booting Mandrake and Gentoo.
> Old habit now I guess.
It's a suggestion for security against user errors; I'm pretty sure it
was there long before genkernel came out, when there
wasn't "automation" in kernel building.
Furthermore you can use a non journalled filesystem for /boot.
Ciao
Francesco
--
Linux Version 2.6.29-gentoo-r3, Compiled #2 SMP PREEMPT Sat May 9
18:15:29 CEST 2009
Two 1GHz AMD Athlon 64 Processors, 4GB RAM, 4018.42 Bogomips Total
aemaeth