Andreas Bihlmaier wrote: > > Hi, > > I got a quick question because I fucked up and think quite a bunch of > other people I have read about here did as well. > > I read in a couple of postings that people like to mount their root > partition as read-only, I followed that since it prevents accidents in > combination of 'rm' with '*' and <Return> as well as fscks of / > > By accident I stumbled about the the permissions of /dev/tty* today and > found that they get changed from > crw-rw-rw- 1 root wheel 5, 14 Dec 30 11:39 ttyp > to > crw--w---- 1 user tty 5, 14 Dec 30 12:11 ttype > when a user has them in use (or root). > > Obviously they can't get chmod/chown if / is ro, thus ripping a huge > local security hole into the system. > > Whey I mailed here is: > Is it good practice at all to mount / read-only? > Is it only an issue when using X? > Am I wrong and this is no security risk? Reasons? > > Regards, > ahb > > In case this is all nonsense (I didn't think it is), sorry for the noice
Hmmm, making / ro doesn't make things mounted under / ro. Arguably, having anything writable is maybe a security hole, but it's hard to do anything useful otherwise. If / is the only thingee that is read only, I don't think that buys anything worthwhile. rm -rf / still removes everything but the first level directories.
