On Fri, Sep 29, 2000 at 02:16:58PM +0200, Raphael Bauduin wrote: > Hi, > > yes, I know that root can remount the partition in read/write. However, with > LIDS, it's possible to limit access to commands, even for root. So the root > partition would be read-only and would stay like that. Access to Lilo would > also be limited. chattr -R +i /bin /sbin /lib /boot then revoking the cap to remove immutable would also work. > /var could be noexec so any filed copied to it wouldn't be executable. yes they would, see my previous post demonstrating how you can execute anything by running /lib/ld-2.1.3.so /path/to/noexec/binary. > Another reason for the read-only is the fact that when the computer is not > properly rebooted, the partitions don't have to go through e2fsck. true but if your / is small this is not a big deal. if your concerned about filesystem damage mount it -o sync or use a journalling filesystem. i think a burned CDROM with a ramdisk root would be a much simpler way to accomplish a readonly root. trying to keep / mounted read only is going to require ALOT of hacking. (and likely modification of source) -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgplkgOZrLLEe.pgp
Description: PGP signature