[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ifupdown writes to /etc... a bug?

On Sat, 22 Mar 2003 17:16, John Hasler wrote:
> Russell Coker writes:
> > My suggestion to make a minor change to the file naming scheme under
> > /usr/share to make things easier for SE Linux was shot down even though
> > it would take very little effort to implement.  This ro-root idea takes
> > considerably more work to implement and I think that it provides
> > considerably less benefit.
>
> R/o root also provides a degree of protection against buggy programs and
> admin errors.  I prefer to minimize the number of r/w partitions.

R/o root provides far less security than vserver, SE Linux, or systrace will 
provide.

Why force developers to do more work for a ro root than is being done for more 
serious security measures.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
Reply to: