Re: possible mass-filing of bugs: many shared library packages contain binaries in usr/bin
Joseph Carter <knghtbrd@bluecherry.net> writes:
> > > The problem with this benefit is the small number of people who would
> > > directly benefit from it - how many people do you know with separate
> > > partitions for /usr/lib? I don't know many. Although, from a purely
> > > paranoia standard, I can envision creating one for this very purpose and
> > > think it is worth considering for that purpose. Having sheer paranoia
> > > levels of security being available to those who would use them is a goal I
> > > think we can all agree is not a bad thing.
> >
> > With a 2.4 kernel, you shouldn't need a separate partition:
> >
> > # mount --bind -o ro,noexec /lib /lib
> > # mount --bind -o ro,noexec /usr/lib /usr/lib
>
> *drool* I'd totally forgotten that you could do that.
>
> Count me officially IN SUPPORT of cleaning executables out of /var, /lib,
> and /usr/lib for sarge. I don't give a rip where they go, but I want them
> out of those directories because _I_ want to do this now. ;)
>
> > Bind mounting /usr/lib directly on top of itself with different mount
> > options, you can achieve the same effect (I previously used it to set
> > default filesystem umasks within certain directories). Hmm, after
> > trying this out, it doesn't seem to work like it does for umasks (I
> > can still run /lib/ld-linux.so.2), possibly a mount bug?
>
> This is incredibly cool and I had not realized nor considered that --bind
> could be used in this way. Thank you for the great suggestion, this will
> let me basically do things like make certain directories read-only when I
> am not explicitly upgrading packages. Not all of /usr, necessarily, but
> certainly /usr/bin, /usr/lib, and /usr/local/{lib,bin} as well.. I can
> then just change it for upgrades and put the safety measure back in place
> when I'm done upgrading things. Thanks. =D
I have done some testing, and found that this does not currently work
in Linux 2.4. It should be fixed in 2.5 and so usable in 2.6/3.0,
according to comp.os.linux.development.system.
For /usr, you could potentially protect yourself even more, by
mounting the entire partition noexec, and then just bind mount
/usr/bin and /usr/libexec with exec!
This should be great once it actually works.
--
Roger Leigh
** Registration Number: 151826, http://counter.li.org **
Need Epson Stylus Utilities? http://gimp-print.sourceforge.net/
GPG Public Key: 0x25BFB848 available on public keyservers
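The thread's whole point is that the bind mount's own ro/noexec flags may silently not take (Roger could still run /lib/ld-linux.so.2). As an added example, not from the thread, this POSIX sh snippet reads a constructed /proc/self/mountinfo sample and reports whether the mount covering a given path actually carries noexec, which is the check to run after the bind mount instead of trusting that the mount command returned success.

```shell
#!/bin/sh
# Added example (not from the thread): given the text of /proc/self/mountinfo,
# find the mount that covers a path and report whether it carries an option
# such as noexec. Fields: id parent maj:min root mountpoint options ...
# (mountinfo escapes spaces in paths as \040; that is not decoded here.)

# Constructed sample: /usr/lib bind-mounted on itself with ro,noexec applied,
# /lib bind-mounted on itself but with the options silently not applied.
SAMPLE_MOUNTINFO='21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
35 21 8:1 /usr/lib /usr/lib ro,noexec,relatime - ext4 /dev/sda1 rw,errors=remount-ro
36 21 8:1 /lib /lib rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro'
MOUNTINFO=$SAMPLE_MOUNTINFO   # live system: MOUNTINFO=$(cat /proc/self/mountinfo)

# Print the options of the longest mount point that is a prefix of $1.
mount_opts_for() {
    path=$1; best=""; bestopts=""
    while read -r _id _parent _dev _root mp opts _rest; do
        case "$path" in
            "$mp"|"$mp"/*) ;;                 # path lies inside this mount point
            *) [ "$mp" = / ] || continue ;;   # "/" covers everything
        esac
        # Longer mount point = more specific = the one the kernel uses.
        if [ "${#mp}" -ge "${#best}" ]; then
            best=$mp; bestopts=$opts
        fi
    done <<EOF
$MOUNTINFO
EOF
    printf '%s\n' "$bestopts"
}

# Return 0 if the mount covering $1 has option $2 (e.g. noexec), 1 otherwise.
path_has_mount_opt() {
    case ",$(mount_opts_for "$1")," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo over the sample: /usr/lib is protected, /lib and /usr/bin are not.
for f in /usr/lib/libc.so.6 /lib/ld-linux.so.2 /usr/bin/ls; do
    if path_has_mount_opt "$f" noexec; then
        echo "$f: noexec (mount options: $(mount_opts_for "$f"))"
    else
        echo "$f: still executable (mount options: $(mount_opts_for "$f"))"
    fi
done
```

On later kernels a bind mount's own flags are set with a second remount (`mount -o remount,bind,ro,noexec /usr/lib`); running this check afterwards shows whether they took.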