Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)

To: debian-powerpc@lists.debian.org
Subject: Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 23 Feb 2004 12:06:17 +0000
Message-id: <[🔎] 20040223120617.GA14327@riva.ucam.org>
Mail-followup-to: debian-powerpc@lists.debian.org
In-reply-to: <[🔎] 20040223130242.1e0f91ad@jack.colino.net>
References: <[🔎] 246D7B7C-64EE-11D8-AFB0-00039392CAFA@smolny.plus.com> <[🔎] 4039A183.1030705@dsdk12.net> <[🔎] 20040223070551.GB27336@infidel.spots.ab.ca> <[🔎] 20040223074046.GA28069@infidel.spots.ab.ca> <[🔎] 20040223114653.GA10459@fpirisp.portsdebalears.com> <[🔎] 20040223130242.1e0f91ad@jack.colino.net>

On Mon, Feb 23, 2004 at 01:02:42PM +0100, Colin Leroy wrote:
> On 23 Feb 2004 at 12h02, Kiko Piris wrote:
> > One other advantage in separating partitions is security: you can mount
> > /boot ro,noexec,nodev,nosuid, /home nosuid,nodev, /tmp nosuid,nodev,
> > etc. (http://www.seifried.org/lasg/installation/).
> 
> /home nosuid is painful on real shared computers where users may want 
> their own ~/bin...

It might be safer to consider 'userv' rather than having users creating
their own set-id binaries.

> Anyway, /lib/ld.so.1 has to be executable and running `/lib/ld.so.1
> /path/to/nosuid/partition/binary` runs the binary. Imho nosuid is a
> very minimal protection. 

This is true of noexec, not nosuid. Did you mean that?

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Installing Debian using debian-sarge-netinst.iso (powerpc)
  - From: sebyte <sebyte@smolny.plus.com>
- Re: Installing Debian using debian-sarge-netinst.iso (powerpc)
  - From: Derrik Pates <dpates@dsdk12.net>
- Re: Installing Debian using debian-sarge-netinst.iso (powerpc)
  - From: "s. keeling" <keeling@spots.ab.ca>
- Re: Installing Debian using debian-sarge-netinst.iso (powerpc)
  - From: "s. keeling" <keeling@spots.ab.ca>
- [OT] fhs and multiple partitions (was: Installing Debian using ...)
  - From: Kiko Piris <debian@pirispons.net>
- Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
  - From: Colin Leroy <colin@colino.net>

Prev by Date: Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
Next by Date: Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
Previous by thread: Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
Next by thread: Re: [OT] fhs and multiple partitions (was: Installing Debian using ...)
Index(es):
- Date
- Thread