Date:      Fri, 8 Oct 1999 09:27:02 -0700
From:      "David O'Brien" <obrien@NUXI.com>
To:        Brad Knowles <blk@skynet.be>
Cc:        current@freebsd.org
Subject:   Re: make install trick
Message-ID:  <19991008092702.L25125@dragon.nuxi.com>
In-Reply-To: <v04205504b423884a4694@[195.238.21.204]>
References:  <Pine.BSF.4.05.9910051831180.6368-100000@fw.wintelcom.net> <v04205500b420d230e6ff@[195.238.21.204]> <19991007152132.F68920@dragon.nuxi.com> <v04205504b423884a4694@[195.238.21.204]>

>        If you've done your job right, it can be mounted read-only.  This
> makes it harder for someone to break into the machine and obtain root
> access, because now they have to be root to unmount /usr and remount
> it read-write, so that they can put their trojan script on there that
> they're hoping you'll execute.

AND just how are crackers going to write their trojans in my root owned
/usr (and remember root now owns the binaries in /usr) w/o *already*
being root.  This is just as weak as the argument that BPF makes a box
more vulnerable to having a rogue sniffer running on it.


> 	You're right that this is a somewhat religious issue, however, if 
> you're going to run a huge root filesystem, then you are more likely 
> to get what you deserve if /usr or one of the other directories on 
> the root filesystem get trashed or fill up.

And just what do I "deserve"?  Fuh!  Yea, as some said, let's go with a
30MB / so you can't even have room for a second kernel.  You should see
how fscked up Beast.freebsd.org is because of all the /, /usr, /var,
/tmp, etc, were mis-sized.  If I "deserve" something, then what are the
proper sizes for these?  I can tell you I run out of space on / a lot
less my way and have space where I need it, than I do on machines with
the millions of partitions.

Fuh!

-- 
-- David    (obrien@NUXI.com)

