Date: Tue, 1 Aug 2006 20:04:08 +0100 From: Freminlins <freminlins@gmail.com> To: "=?ISO-8859-1?Q?Erik_N=F8rgaard?=" <norgaard@locolomo.org> Cc: freebsd-questions@freebsd.org, Tyler Spivey <tspivey@pcdesk.net> Subject: Re: switching from linux to freebsd Message-ID: <eeef1a4c0608011204g18f02bdam427cf1a92f9bb922@mail.gmail.com> In-Reply-To: <44CF9305.7050907@locolomo.org> References: <20060801053719.GA6735@fast> <44CEF9EB.3080807@locolomo.org> <eeef1a4c0608010518x28f5d82bw416dff78a99a603f@mail.gmail.com> <44CF7279.5040504@locolomo.org> <eeef1a4c0608010854g77eb05abl6305e359294f9a88@mail.gmail.com> <44CF9305.7050907@locolomo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 01/08/06, Erik N=F8rgaard <norgaard@locolomo.org> wrote: If you configure your server using LDAP or NIS for user management then > you only need to mount the root file system rw when updating the base > system or changing root password. Add the MAC and you will likely be > able to protect further against the attack you mention. Or when you want to patch or install other software, unless you put /usr/local on its own partition. And put /usr/ports somewhere else. And don't tinker with anything in /etc/mail. I think we're just going to disagree on this. I have never yet seen a situation where mounting the OS disk ro proved to b= e useful. I have seen it hinder perfectly normal sysadmin work. I have seen one instance in 10 years where it would have stopped a silly mistake (someone moved libc on Solaris). But as that person was doing something they were supposed to be doing and just made a mistake, they woul= d have made the same mistake after mounting the disk rw if it had been mounte= d ro. Cheers, Erik Cheers, Frem.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?eeef1a4c0608011204g18f02bdam427cf1a92f9bb922>