Joco Salvatti wrote:
>
> Hi all,
>
> To increase the security level of my OpenBSD system I have defined at
> /etc/fstab that the root partition should be read only. /etc/fstab
> follows:

Me, I just lurk here but:
1) If having / ro would actually improve security, they would have done so long ago.
2) There are probably essential reasons why / cannot be read-only on a useable system. Involving /etc, maybe.

You maybe can get the desired effect if you make / small enough so there isn't room to write anything else.

>
> /dev/wd0a / ffs ro,softdep 1 1
> /dev/wd0g /home ffs rw,softdep,nodev,nosuid,noexec 1 2
> /dev/wd0f /tmp ffs rw,softdep,nodev,nosuid,noexec 1 2
> /dev/wd0d /usr ffs rw,softdep,nodev 1 2
> /dev/wd0e /var ffs rw,softdep,nodev,nosuid,noexec 1 2
>
> After rebooting my system I tested to check whether these settings were
> applied correctly:
>
> # cd /
> # touch test
>
> When I ran ls the 'test' file was there. I mean, the ro flag that I
> had added to my root partition had no effect. Has anyone ever faced
> this?
>
> Thanks.
>
> --
> Joco Salvatti
> Undergraduating in Computer Science
> Federal University of Para - UFPA
> web: http://www.openbsd-pa.org
> e-mail: [EMAIL PROTECTED]