Date: Thu, 12 Jul 2001 16:50:45 -0400 From: "Bart Silverstrim" <bsilver@sosbbs.com> To: <freebsd-isp@FreeBSD.ORG> Subject: Re: gcc on production server Message-ID: <007c01c10b14$5462d820$0100a8c0@sosbbs.com> References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "Paul Robinson" <paul@akita.co.uk> To: "Hug Me" <hugme@hugme.org> Cc: <freebsd-isp@FreeBSD.ORG> Sent: Thursday, July 12, 2001 7:35 AM Subject: Re: gcc on production server On Jul 11, Hug Me <hugme@hugme.org> wrote: >> if you are REALLY worried about security, get a drive that has a jumper you >> can change to read only, put your operating system on it, move the jumper > >Ummmm... that's not clever. That's stupid. So, you're an ISP. If you're >running this system, exactly how do you deliver mail, allow users to change >webpages, etc? Oh yeah, and just out or curiosity, what happens to /var and >/tmp ? As one colleague just replied when I read that paragraph to him >"that's not an OS - it's a coaster". I hope it keeps your coffee warm. Why not use two drives, one read only with the OS on it, one with multiple partitions to mount to /var and /tmp, <swap>, /home...stuff like that...or some variation of that theme? I toyed with the idea of trying to make bootable CD's for the key system files and such before, should work in a similar manner to what is basically described above (although performance from the read operations would be terrible) if I actually had the time and extra hardware to dedicate to making system laid out to create a "image" and make a slave drive on another system with a CD-R drive :-) Gotta admit, that would make it terribly difficult to crack into and lay trojaned system binaries... --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.264 / Virus Database: 136 - Release Date: 7/3/01 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007c01c10b14$5462d820$0100a8c0>