Re: How efficient is mounting /usr ro?

To: Ted Cabeen <secabeen@pobox.com>
Cc: debian-security@lists.debian.org
Subject: Re: How efficient is mounting /usr ro?
From: Robert Brockway <robert@timetraveller.org>
Date: Fri, 10 Oct 2003 09:28:04 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.58.0310100924560.9538@zen.canint.timetraveller.org>
In-reply-to: <[🔎] 87k77eb9xu.fsf@gray.impulse.net>
References: <[🔎] 1065688451.3033.73.camel@elprinsessekaja.mail.nu.no> <[🔎] 20031009143312.A5308@ganymed.informatik.uni-freiburg.de> <[🔎] 87k77eb9xu.fsf@gray.impulse.net>

On Thu, 9 Oct 2003, Ted Cabeen wrote:

> I agree.  If you are looking for this kind of security, your best bet
> is to set the immutable bit on all of your system files.  That will
> ensure that only a reboot in single user mode will allow these files
> to be changed.  (Make sure you set immutable the system boot scripts
> as well)

The immutable bit can be removed from a file on a running system.  I just
confirmed this on a box to make sure recent kernels hadn't changed this
behaviour.

Rob

-- 
Robert Brockway B.Sc. email: robert@timetraveller.org, zzbrock@uqconnect.net
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah

Reply to:

Follow-Ups:
- Re: How efficient is mounting /usr ro?
  - From: Bernd Eckenfels <ecki@calista.eckenfels.6bone.ka-ip.net>

References:
- How efficient is mounting /usr ro?
  - From: Tarjei Huse <tarjei@bergfald.no>
- Re: How efficient is mounting /usr ro?
  - From: "Bernhard R. Link" <blink@informatik.uni-freiburg.de>
- Re: How efficient is mounting /usr ro?
  - From: Ted Cabeen <secabeen@pobox.com>

Prev by Date: Re: How efficient is mounting /usr ro?
Next by Date: Re: How efficient is mounting /usr ro?
Previous by thread: Re: How efficient is mounting /usr ro?
Next by thread: Re: How efficient is mounting /usr ro?
Index(es):
- Date
- Thread