Re: How efficient is mounting /usr ro?
On Thu, 9 Oct 2003, Ted Cabeen wrote:
> I agree. If you are looking for this kind of security, your best bet
> is to set the immutable bit on all of your system files. That will
> ensure that only a reboot in single user mode will allow these files
> to be changed. (Make sure you set immutable the system boot scripts
> as well)
The immutable bit can be removed from a file on a running system. I just
confirmed this on a box to make sure recent kernels hadn't changed this
behaviour.
Rob
--
Robert Brockway B.Sc. email: robert@timetraveller.org, zzbrock@uqconnect.net
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
Reply to: