[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ifupdown writes to /etc... a bug?

Russell Coker <russell@coker.com.au> writes:

> On Sat, 22 Mar 2003 17:16, John Hasler wrote:
> > Russell Coker writes:
> > > My suggestion to make a minor change to the file naming scheme under
> > > /usr/share to make things easier for SE Linux was shot down even though
> > > it would take very little effort to implement.  This ro-root idea takes
> > > considerably more work to implement and I think that it provides
> > > considerably less benefit.
> >
> > R/o root also provides a degree of protection against buggy programs and
> > admin errors.  I prefer to minimize the number of r/w partitions.
> R/o root provides far less security than vserver, SE Linux, or systrace will 
> provide.

Sometimes you don't have a choice. And no software can ever be more
secure than your hardware.
> Why force developers to do more work for a ro root than is being done for more 
> serious security measures.

Noone is forcing anyone. In fact the work is already done for mount
and sysvinit and I intend to do all other packages I use too.

The problem is that I want that work to actually be included in Debian
and not just ignored by the maintainer like my devfs patches or user
level alternatives for which patches are in the BTS for over a year now
without any reaction from the maintainer.

Is it too much to ask to look at a patch and apply it or reply with
some reason why one is not doing it?


Reply to: