RE: How efficient is mounting /usr ro?
> No, it's an argument of efficacy. Removing rw from a mount doesn't
> remove the ability to write to it for a malicious user. If it gives you
> warm fuzzies, great, do it. But that's all it's going to do for you.
> Mike Stone
So the question is if mounting /usr without owner write permissions is effective in increasing security.
Clearly it doesn't help protect from a malicious attacker installing a root kit after already compromising root privileges. Much better to run some kind of tripwire program to do integrity checking (and store the checksums on a physically read-only medium), but even this doesn't achieve much given the likes of http://phrack.org/show.php?p=52&a=18 for instance.
But maybe there is an argument for it in terms of protecting against accidental corruption of /usr, for example a process running as root has a bug that causes the corruption of files in /usr (but then why are we worrying only about /usr?).