Re: Read-only root (/) except /etc
On Mon, Apr 14, 2008 at 09:11:52AM -0400, Daniel Dickinson wrote:
> On Sun, 13 Apr 2008 12:04:31 -0400
> "Douglas A. Tutty" <email@example.com> wrote:
> > On Sun, Apr 13, 2008 at 03:12:08PM +0000, firstname.lastname@example.org
> > wrote:
> > However, consider: as things stand now, only root can alter files
> > which don't have write permissions for others. Sure, if the
> > filesystem were mounted ro then root couldn't write to the files
> > either (or delete files). However, root could always remount / rw.
> > Therefore there is no security in a system once root is compromised
> > whatever you do. If root is not compromised, then standard unix
> > permission scheme will provide the security.
>
> Thank you for that explanation. This is exactly what I was thinking
> about, and thus, for my purposes I don't need read-only root. Digby
> makes some interesting suggestions as to why one might want ro root
> that are more interesting, but they don't apply to me.

OK. Would you like to discuss the security concerns in your application
that prompted this? Are you just Practically Paranoid (TM OpenBSD) or
do you have a specific concern in your situation?

As for the write limits on flash devices, this has been heavily
discussed and real-world tested over on email@example.com, where a higher
proportion of users are making appliances out of e.g. Soekris boxes with
OpenBSD using a compact flash card as the hard drive for all
partitions/filesystems. They find that if you use a good industrial
compact flash, which comes with at least a 5-year warranty, in
real-world use they have been lasting quite well and not markedly less
reliable than hard drives. Note that this is just for the changes that
happen to a system running as an appliance which only reboots on a
kernel change. In OpenBSD that means about every 6 months if you keep