[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How efficient is mounting /usr ro?

On Thu, 09 Oct 2003 10:34:12 +0200
Tarjei Huse <tarjei@bergfald.no> wrote:

TH> Hi,
TH> The Securing Debian manual suggest one should set the /usr partition
TH> to ro and use remount when you install new programs. 
TH> I was just wondering how much security one gains with this. Wouldn't
TH> most hackers go after the programs in the /bin and /sbin directories
TH> anyway?

Making /usr read-only is not for that kind of security.  It will keep your data safe from corruption (soft one, anyway: a disk crash will take anything with it ;-).  Besides, you can get a better performance formating it with ext2, since you'll not need journaling.

Now, there are ways to mount r-o /bin and /sbin, *and* to disable remounting them rw (unless you reset the box and provide a pass; its a kernel  patch or something which's name I can't remember -- but I want to!!).  There is some blurb about it here:


And surely in other threads.

Reply to: