From owner-freebsd-security Tue Dec 28 11:19:57 1999 Delivered-To: freebsd-security@freebsd.org Received: from beach.silcom.com (beach.silcom.com [199.201.128.19]) by hub.freebsd.org (Postfix) with ESMTP id 8330114F0C for ; Tue, 28 Dec 1999 11:19:50 -0800 (PST) (envelope-from brian@CSUA.Berkeley.EDU) Received: from smarter.than.nu (pm1-38.vpop1.avtel.net [207.71.237.88]) by beach.silcom.com (Postfix) with ESMTP id 5E5F21454CA; Tue, 28 Dec 1999 11:19:43 -0800 (PST) Date: Tue, 28 Dec 1999 11:19:42 -0800 (PST) From: "Brian W. Buchanan" X-Sender: brian@smarter.than.nu To: Spidey Cc: freebsd-security@FreeBSD.ORG Subject: Re: Mounting / Read-Only In-Reply-To: <14441.2683.366094.187063@anarcat.dyndns.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 28 Dec 1999, Spidey wrote: > I was also wondering... If we can modify the status (RW/RO) of a > mounted filesystem (/ included) with mount -u, why bother? :)) > > What is the purpose of mounting a filesystem ReadOnly, since it can be > disabled? Does it serve the same function as the schg flag? I think > the securelevel does not change this behavior, right? Mounting a filesystem read-only is not a security measure. It gains you nothing if root is compromised. -- Brian Buchanan brian@CSUA.Berkeley.EDU -------------------------------------------------------------------------- FreeBSD - The Power to Serve! http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message