Date: Tue, 1 Aug 2006 20:04:08 +0100
From: Freminlins <freminlins@gmail.com>
To: Erik Nørgaard <norgaard@locolomo.org>
Cc: freebsd-questions@freebsd.org, Tyler Spivey <tspivey@pcdesk.net>
Subject: Re: switching from linux to freebsd
Message-ID: <eeef1a4c0608011204g18f02bdam427cf1a92f9bb922@mail.gmail.com>
In-Reply-To: <44CF9305.7050907@locolomo.org>
References: <20060801053719.GA6735@fast> <44CEF9EB.3080807@locolomo.org>
 <eeef1a4c0608010518x28f5d82bw416dff78a99a603f@mail.gmail.com>
 <44CF7279.5040504@locolomo.org>
 <eeef1a4c0608010854g77eb05abl6305e359294f9a88@mail.gmail.com>
 <44CF9305.7050907@locolomo.org>

On 01/08/06, Erik Nørgaard <norgaard@locolomo.org> wrote:

> If you configure your server using LDAP or NIS for user management then
> you only need to mount the root file system rw when updating the base
> system or changing root password. Add the MAC and you will likely be
> able to protect further against the attack you mention.

Or when you want to patch or install other software, unless you put
/usr/local on its own partition. And put /usr/ports somewhere else. And
don't tinker with anything in /etc/mail.

I think we're just going to disagree on this. I have never yet seen a
situation where mounting the OS disk ro proved to be useful. I have seen it
hinder perfectly normal sysadmin work. I have seen one instance in 10 years
where it would have stopped a silly mistake (someone moved libc on
Solaris). But as that person was doing something they were supposed to be
doing and just made a mistake, they would have made the same mistake after
mounting the disk rw if it had been mounted ro.

> Cheers, Erik

Cheers, Frem.
