From: Paul de Vrieze <pauldv@gentoo.org>
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] mount noexec and ro
Date: Sat, 04 Nov 2006 20:03:23 +0100
Message-ID: <200611042003.33164.pauldv@gentoo.org>
In-Reply-To: <200611041727.39451.joe.knall@gmx.net>
On Saturday 04 November 2006 17:27, Joe Knall wrote:
> correct, it's actually like this
> /srv/www type ext3 (ro,nosuid,nodev,acl,user_xattr)
> /srv/www/data type ext3 (rw,noexec,nosuid,acl,user_xattr)
>
> but I need a /dev, currently data/dev with null and urandom there,
> writeable and not nodev (could as well be a separate partition).
> Do you think this turns all the rest in vain?
Nodev is mainly for those situations where you may not have full control over
the disk (like usb sticks). But the ability to have devices will mean that
those who can make devices can abuse them.
Paul
--
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net
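
An added example (not part of the original message): a small Python check of the layout discussed in this thread, in which every mount is either read-only or noexec, that also reports which mounts still honor device nodes or setuid bits. The first two sample lines are the ones quoted above; the USB line is constructed, and the function names are hypothetical.

```python
import re

# mount(8)-style line, with or without the leading "DEVICE on " part.
MOUNT_RE = re.compile(
    r"(?:\S+ on )?(?P<mnt>/\S*) type (?P<fs>\S+) \((?P<opts>[^)]*)\)")

# First two lines are quoted in the thread; the USB line is constructed.
SAMPLE = """\
/srv/www type ext3 (ro,nosuid,nodev,acl,user_xattr)
/srv/www/data type ext3 (rw,noexec,nosuid,acl,user_xattr)
/dev/sdb1 on /mnt/usb type vfat (rw)
"""

def parse_mounts(text):
    """Return {mountpoint: set of mount options}."""
    mounts = {}
    for line in text.splitlines():
        m = MOUNT_RE.search(line)
        if m:
            mounts[m.group("mnt")] = set(m.group("opts").split(","))
    return mounts

def audit(mounts):
    """Return {mountpoint: [issues]}; mounts without issues are omitted."""
    report = {}
    for mnt, opts in mounts.items():
        issues = []
        # The thread's layout: a mount is either read-only or noexec.
        if "ro" not in opts and "noexec" not in opts:
            issues.append("writable and executable")
        # Without nodev, device nodes on this filesystem are usable.
        if "nodev" not in opts:
            issues.append("device nodes honored")
        if "nosuid" not in opts:
            issues.append("setuid bits honored")
        if issues:
            report[mnt] = issues
    return report

if __name__ == "__main__":
    for mnt, issues in audit(parse_mounts(SAMPLE)).items():
        print(f"{mnt}: {', '.join(issues)}")
```

On a live system the same functions can be fed the output of `mount` instead of `SAMPLE`.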