Re: ifupdown writes to /etc... a bug?
On Sat, 22 Mar 2003 17:16, John Hasler wrote:
> Russell Coker writes:
> > My suggestion to make a minor change to the file naming scheme under
> > /usr/share to make things easier for SE Linux was shot down even though
> > it would take very little effort to implement. This ro-root idea takes
> > considerably more work to implement and I think that it provides
> > considerably less benefit.
>
> R/o root also provides a degree of protection against buggy programs and
> admin errors. I prefer to minimize the number of r/w partitions.
R/o root provides far less security than vserver, SE Linux, or systrace will
provide.
Why force developers to do more work for a ro root than is being done for more
serious security measures.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: