From owner-freebsd-isp Fri Jul 13 4:24:19 2001
Date: Fri, 13 Jul 2001 12:25:00 +0100
From: Paul Robinson
To: Bart Silverstrim
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: gcc on production server
Message-ID: <20010713122500.A23202@jake.akitanet.co.uk>
References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com>
In-Reply-To: <007c01c10b14$5462d820$0100a8c0@sosbbs.com>; from bsilver@sosbbs.com on Thu, Jul 12, 2001 at 04:50:45PM -0400

On Jul 12, Bart Silverstrim wrote:

> Why not use two drives, one read only with the OS on it, one with multiple
> partitions to mount to /var and /tmp, /home...stuff like that...or
> some variation of that theme?

Because I'm not sure that enhances security in any way. There are lots of
problems here, not least that if somebody finds a hole in your ftpd or
whatever, you are going to have to go into serious downtime to patch it.
Whereas a rw disk can be patched in seconds.

Not only that, but you're completely forgetting that the ro jumper is really
only a software lock. Oh yeah, and if you're an ISP with 40 1u rack servers
in a cabinet, you're already moving into the world of problems with heat
dissipation; you don't want to be sticking in extra drives that could
potentially be adding an extra $10,000 in hardware costs to your setup.

I really think the right approach that should be considered from a security
point of view is that of TrustedBSD. The intention of what you are attempting
to achieve is good, but there are better and more manageable ways of
achieving the same result.

> I toyed with the idea of trying to make bootable CD's for the key system
> files and such before, should work in a similar manner to what is basically
> described above (although performance from the read operations would be
> terrible) if I actually had the time and extra hardware to dedicate to
> making system laid out to create a "image" and make a slave drive on another
> system with a CD-R drive :-) Gotta admit, that would make it terribly
> difficult to crack into and lay trojaned system binaries...

I looked to do this a while back, not for reasons of security, but because
it meant I could 'upgrade' a box by sending out a new CD to the customer site
and asking them to change it. It's actually relatively easy, once you get
your head around mkisofs. ;-)

But like I say, this is not something I would personally encourage you to do
because you believe it to be securing something.

-- 
Paul Robinson                    ,---------------------------------------
Technical Director @ Akita       | A computer lets you make more mistakes
PO Box 604, Manchester, M60 3PR  | than any other invention with the
T: +44 (0) 161 228 6388 (F:6389) | possible exceptions of handguns and
                                 | Tequila - Mitch Ratcliffe
                                 `-----