Torsten Landschoff <torsten@debian.org> wrote: > 1) even with libldap linked from /usr, it should be possible to remount > that filesystem ro which would not cause any data loss I've come across this problem before, and I was unable to remount /usr read-only. I have no idea why. > 2) with that explanation we would need to move every other library used > in PAM modules to /lib as well (think libpam-mysql, libpam-pgsql, etc.) No big deal. Nobody is going to install more than one or two PAM or NSS modules, so /lib isn't going to get too big. > 3) AFAIK those PAM modules are only opened for a short time when > authenticating the user. Once the session is set up I don't expect > them to be in memory. The NSS modules are never unloaded. -- Sam "Eddie" Couter | mailto:sam@couter.dropbear.id.au Debian Developer | mailto:eddie@debian.org | jabber:sam@jabber.topic.com.au OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
Attachment:
pgpekcImPw1S8.pgp
Description: PGP signature