From owner-freebsd-current  Fri Oct  8  9:27: 5 1999
Delivered-To: freebsd-current@freebsd.org
Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [169.237.7.38])
	by hub.freebsd.org (Postfix) with ESMTP id 4F4D214FC2
	for <current@freebsd.org>; Fri,  8 Oct 1999 09:27:04 -0700 (PDT)
	(envelope-from obrien@NUXI.com)
Received: from dragon.nuxi.com (root@d60-025.leach.ucdavis.edu [169.237.60.25])
	by relay.nuxi.com (8.9.3/8.9.3) with ESMTP id JAA02405;
	Fri, 8 Oct 1999 09:27:03 -0700 (PDT)
	(envelope-from obrien@dragon.nuxi.com)
Received: (from obrien@localhost)
	by dragon.nuxi.com (8.9.3/8.9.1) id JAA17931;
	Fri, 8 Oct 1999 09:27:03 -0700 (PDT)
	(envelope-from obrien)
Date: Fri, 8 Oct 1999 09:27:02 -0700
From: "David O'Brien" <obrien@NUXI.com>
To: Brad Knowles <blk@skynet.be>
Cc: current@freebsd.org
Subject: Re: make install trick
Message-ID: <19991008092702.L25125@dragon.nuxi.com>
Reply-To: obrien@freebsd.org
References: <Pine.BSF.4.05.9910051831180.6368-100000@fw.wintelcom.net> <v04205500b420d230e6ff@[195.238.21.204]> <19991007152132.F68920@dragon.nuxi.com> <v04205504b423884a4694@[195.238.21.204]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre1i
In-Reply-To: <v04205504b423884a4694@[195.238.21.204]>
X-Operating-System: FreeBSD 4.0-CURRENT
Organization: The NUXI BSD group
X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3  90 76 5D 69 58 D9 98 7A
X-Pgp-Keyid: 34F9F9D5
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>        If you've done your job right, it can be mounted read-only.  This
> makes it harder for someone to break into the machine and obtain root
> access, because now they have to be root to unmount /usr and remount
> it read-write, so that they can put their trojan script on there that
> they're hoping you'll execute.

AND just how are crackers going to write their trojan's in my root owned
/usr (and remember root now owns the binaries in /usr) w/o *already*
being root.  This is just as weak as the argument that BPF makes a box
more vulnerable to having a rouge sniffer running on it.


> 	You're right that this is a somewhat religious issue, however, if 
> you're going to run a huge root filesystem, then you are more likely 
> to get what you deserve if /usr or one of the other directories on 
> the root filesystem get trashed or fill up.

And just what do I "deserve"?  Fuh!  Yea, as some said, lets go with a
30MB / so you can't even have room for a second kernel.  You should see
how fscked up Beast.freebsd.org is because of all the /, /usr, /var,
/tmp, etc, were mis-sized.  If I "deserve" something, then what's the
proper sizes for these?  I can tell you I run out of space on / a lot
less my way and have space where I need it, than I do on machines with
the millions of partitions.

Fuh!

-- 
-- David    (obrien@NUXI.com)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message