Re: goals for hardening Debian: ideas and help wanted

To: debian-security <debian-security@lists.debian.org>, debian-devel <debian-devel@lists.debian.org>
Subject: Re: goals for hardening Debian: ideas and help wanted
From: Xavier Roche <xavier@debian.org>
Date: Sat, 7 Jun 2014 15:31:47 +0200
Message-id: <[🔎] 20140607133147.GA16674@proliant.localnet>
In-reply-to: <1398308259.7980.49.camel@chianamo>
References: <1398308259.7980.49.camel@chianamo>

On Thu, Apr 24, 2014 at 10:57:39AM +0800, Paul Wise wrote:
> I have written a non-exhaustive list of goals for hardening the Debian
> distribution, the Debian project and computer systems of the Debian
> project, contributors and users.
> If you have more ideas, please add them to the wiki page.

Would a read-only root filesystem goal be feasible ? Might not be by default, but this helps a bit, and it may even prevent root from breaking things by accident. I don't know if this can be considered a security feature, though, but probably in some way.
https://wiki.debian.org/ReadonlyRoot

I have been using my main debian server for few years with a read-only /, and the only annoying thing is the 'mount: / is busy' issue after an apt-get update phase, but otherwise things are fine.

Reply to:

Follow-Ups:
- Re: goals for hardening Debian: ideas and help wanted
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: goals for hardening Debian: ideas and help wanted
Next by Date: Re: goals for hardening Debian: ideas and help wanted
Previous by thread: Re: goals for hardening Debian: ideas and help wanted
Next by thread: Re: goals for hardening Debian: ideas and help wanted
Index(es):
- Date
- Thread