[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How efficient is mounting /usr ro?

* Tarjei Huse <tarjei@bergfald.no> [031009 10:55]:
> The Securing Debian manual suggest one should set the /usr partition to
> ro and use remount when you install new programs. 
> I was just wondering how much security one gains with this. 

I do not think one gets much security out of it. I think the most
security one gets by this is that this way /usr has no chance to
go corrupt when de power supply fails and less possible corruption
make it less propable that a corruption helping an attacker accours.

On the other hand if you then forget to remount it rw when updating
packages this may corrupt your system helping an attacker in.

On the other hand one should not over-estimate the inteligence of
script-kiddies. Even those writing the scripts tend to be lousy
programers, from what I have seen.

  Bernhard R. Link

Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.

Reply to: