Re: How efficient is mounting /usr ro?
On Fri, Oct 17, 2003 at 08:57:43PM +0200, Christian Storch wrote:
> Yes, a very sophisticated kind of definition.
> But what about the small gap between theory and practice?
In theory, it approximates the practice :)
> So I think security and availability represent two basic independent points of discussion.
> Security in a sense of preventing of bad impact from outside a system.
My view is that either C, I or A represents an area against which an
attacker or some accident could bring on `bad impact'. Consider
the simple question `Is my site defaced?'.
To stay on topic, I'm for keeping /usr and /usr/local read-only,
because really nothing should update them except for a few
programs under controlled circumstances (that's what makes
the enforcement of this policy cheap). In addition, it might
help you notice an intrusion.
(I also got used to remount,ro /, for that matter)
bit,
adam
--
1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989
finger://borso@vekoll.vein.hu | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever
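
A check of the read-only policy discussed above, as an added example that is not part of the original message: a POSIX sh function reads a /proc/mounts-style table and reports whether the filesystem holding a path is mounted read-only, so that a writable /usr or /usr/local raises an alert. The function names, the sample table and its device names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (device names are made up).
sample_mounts() {
    cat <<'EOF'
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
/dev/hda5 /usr ext3 ro,nodev 0 0
/dev/hda6 /var ext3 rw,nosuid 0 0
/dev/hda7 /usr/local ext3 rw,nodev 0 0
EOF
}

# mount_is_ro PATH [TABLE]: 0 = read-only, 1 = writable, 2 = no covering mount.
# PATH must be absolute and already canonical (no symlinks, no "..").
mount_is_ro() {
    path=$1
    table=${2:-/proc/mounts}
    awk -v p="$path" '
        # A mount point covers p if it is "/", equals p, or is a parent directory.
        $2 == "/" || $2 == p || index(p, $2 "/") == 1 {
            # Longest mount point wins; on a tie the later line (overmount) wins.
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END {
            if (best == 0) exit 2
            # Match the whole option: "errors=remount-ro" must not count as "ro".
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }' "$table"
}

# check_ro_policy TABLE DIR...: non-zero if any DIR is not mounted read-only.
check_ro_policy() {
    table=$1; shift
    rc=0
    for dir in "$@"; do
        if mount_is_ro "$dir" "$table"; then
            echo "ok: $dir is read-only"
        else
            echo "ALERT: $dir is not mounted read-only" >&2
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed table; on a live system pass /proc/mounts instead.
tmp=$(mktemp) && sample_mounts > "$tmp"
check_ro_policy "$tmp" /usr /usr/local || echo "policy violated in sample table"
rm -f "$tmp"
```

Mount points containing spaces appear escaped as `\040` in /proc/mounts and are not decoded by this sketch.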