On 11/15/18 4:00 PM, Jarkko Oranen wrote: > However, unless you're using really bad install media (like USB flash > memory or something) I don't think OpenBSD is very likely to suffer a > corrupted filesystem even on power outage unless you're doing very > heavy IO (and even then it's probably fine).
Yeah I have recently removed Ro root which is still perfectly possible. I liked the comfort of knowing an attacker (and myself) had an extra barrier in the way. It isn't really worth it though and I don't believe a UPS outage is a real worry for root. / is ~700M these days and like all? should be mounted without softdep. It is rarely written to and can be easily fixed or checked for modifications. The main benefit of read-only is not having to do disk checks but the time for root is negligible. /usr/local OTOH could be more time consuming to fix. This kind of demonstrates Lennart Poeterings recent tweet/boast about unified /usr to actually be a bad idea likely taken up by Debian out of frustration and not desire/design.
