
Re: How to get away with small /var partition



On 2003-11-30, Karsten M. Self <kmself@ix.netcom.com> wrote:
>> I recommend making it far larger than in the Debian security doc
>> though.  On my servers I have /boot and /usr read-only, and I've been
>
> You can leave /boot unmounted altogether.  The only times it needs to be
> accessed are:
>
>   - At boot time, where access is direct to partition, and the partition
>     need not be mounted (indeed, can't be).
>
>   - When examining kernel config files and System maps (read-only)
>
>   - When installing a new kernel (writeable)

Show me a good reason to separate /boot to a separate partition at
all. What's the extra security we get out of this?
In /boot there are only the kernel images, System.maps, kernel
config, and GRUB config.

All that is writable only by root anyway (perms -rw-r--r-- root.root)
If an attacker gets rights to write or change perms of files there,
he can equally easily remount the partition rw.

So what's the point? 

-- 
    Miernik         ________________________ jabber:miernik@amessage.info
___________________/__ tel: +48608233394 __/      mailto:miernik@ctnet.pl
Support impeaching the war criminalist George W. Bush
http://www.votetoimpeach.org/


