Delivered-To: freebsd-isp@freebsd.org
From: "Bart Silverstrim"
To: "Paul Robinson"
Subject: Re: gcc on production server
Date: Fri, 13 Jul 2001 16:37:37 -0400

> On Jul 12, Bart Silverstrim wrote:
>
> > Why not use two drives, one read only with the OS on it, one with multiple
> > partitions to mount to /var and /tmp, , /home...stuff like that...or
> > some variation of that theme?
>
> Because I'm not sure that enhances security in any way. There are lots of
> problems here, not least that if somebody finds a hole in your ftpd or
> whatever, you are going to have to go into serious downtime to patch
> it. Whereas a rw disk can be patched in seconds.

If somebody finds a hole in FTPD and you want to patch it, you're going to have serious downtime no matter what; I wouldn't trust binaries afterwards.
In a small ISP setting where I was (or in the place I'm working in now, if it would be possible) I'd rather do a full reinstall of the OS or get spare hardware and set up a replacement server to cycle in, depending on the damage. Otherwise you could be leaving back doors open.

A read-only media would really keep them from hosing the system (for this context, I'll refer to the CD ROM idea, since that's what I had in mind before with this idea). I wouldn't do this for certain types of systems; as always, it depends on the application and context. For a small ISP, we could do it for servers that do things like small DNS servers, systems where you need to keep the system protected, etc. Patching would be done on a system that's set aside as a vanilla "image" blank; patch that, reburn the CD's, and just swap the CD's into the server's drives and restart.

Also with a RO media, if a hacker gets in, it does enhance security...how do you trojan a system you can't modify? The damage would occur to things like web pages and personal files. Restoration from backups should take care of that side, but it would at least keep you from having to keep reinstalling and reconfiguring the servers.

And a simple system like this would not be something for a huge company or large ISP; I agree there. With that kind of budget, chances are they can get better solutions. But for small mom-and-pop providers, I think this could be budgeted from the money they'd save not running with NT licenses :-)

*shrug* I thought it would be a good idea. I just don't work at a place that's as unix-friendly right now to try it out.

-Bart
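
One way to check the layout proposed in this message on a running host, as an added example that is not part of the original post: the function reads FreeBSD-style `mount` output and lists every filesystem that is writable but is not /var, /tmp or /home. The allow-list, the function name `audit_mounts` and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit FreeBSD-style `mount` output against the layout
# proposed in the message (OS read-only; /var, /tmp, /home writable).

# Mount points allowed to be writable (assumption taken from the message).
WRITABLE_OK="/var /tmp /home"

# Constructed sample input, not captured from a real host.
SAMPLE_GOOD='/dev/acd0c on / (cd9660, local, read-only)
procfs on /proc (procfs, local)
/dev/ad1s1e on /var (ufs, local, soft-updates)
/dev/ad1s1f on /tmp (ufs, local, nosuid, soft-updates)
/dev/ad1s1g on /home (ufs, local, nosuid, soft-updates)'

SAMPLE_BAD='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1f on /usr (ufs, local, soft-updates)
/dev/ad1s1e on /var (ufs, local, soft-updates)'

# Reads `mount` output on stdin and prints every mount point that is
# writable but not on the allow-list. Empty output means the layout holds.
audit_mounts() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # Line shape: "<device> on <mountpoint> (<type>, <option>, ...)"
        rest=${line#* on }
        mp=${rest%% \(*}
        opts=${rest#*\(}
        opts=${opts%\)}
        fstype=${opts%%,*}
        # Pseudo filesystems hold no OS binaries; skip them.
        case "$fstype" in devfs|procfs) continue ;; esac
        # Read-only filesystems are what the proposal wants.
        case ", $opts," in *", read-only,"*) continue ;; esac
        ok=no
        for w in $WRITABLE_OK; do
            case "$mp" in "$w"|"$w"/*) ok=yes ;; esac
        done
        if [ "$ok" = no ]; then
            echo "$mp"
        fi
    done
    return 0
}

# Demo on the constructed bad sample; on a real host: mount | audit_mounts
printf '%s\n' "$SAMPLE_BAD" | audit_mounts
```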