From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Sat, 04 Nov 2006 20:03:23 +0100
From: Paul de Vrieze <pauldv@gentoo.org>
Subject: Re: [gentoo-security] mount noexec and ro
In-reply-to: <200611041727.39451.joe.knall@gmx.net>
To: gentoo-security@lists.gentoo.org
Message-id: <200611042003.33164.pauldv@gentoo.org>
MIME-version: 1.0
Content-type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary=nextPart1491100.yUyanJkrei
Content-transfer-encoding: 7bit
User-Agent: KMail/1.9.5
References: <200611041211.22434.joe.knall@gmx.net>
 <200611041600.45837.pauldv@gentoo.org> <200611041727.39451.joe.knall@gmx.net>

--nextPart1491100.yUyanJkrei
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Saturday 04 November 2006 17:27, Joe Knall wrote:
> correct, it's actually like this
> /srv/www type ext3 (ro,nosuid,nodev,acl,user_xattr)
> /srv/www/data type ext3 (rw,noexec,nosuid,acl,user_xattr)
>
> but I need a /dev, currently data/dev with null and urandom there,
> writeable and not nodev (could as well be a separate partition).
> Do you think this turns all the rest in vain?

Nodev is mainly for those situations where you may not have full control
over the disk (like USB sticks). But the ability to have devices will mean
that those who can make devices can abuse them.

Paul

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net

--nextPart1491100.yUyanJkrei
Content-Type: application/pgp-signature


--nextPart1491100.yUyanJkrei--
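
Added example, not part of the original message: a small Python audit of the two mount lines quoted above. It shows that the `nodev` set on /srv/www does not cover the separately mounted /srv/www/data, which is the writable filesystem holding the device nodes. The function names and the handling of the abbreviated `mount` line format are assumptions of this example.

```python
import re

# Accepts full `mount` output ("/dev/sda3 on /srv/www type ext3 (...)") and
# the abbreviated form quoted in the thread ("/srv/www type ext3 (...)").
MOUNT_RE = re.compile(
    r"^(?:\S+ on )?(?P<mnt>\S+) type (?P<fs>\S+) \((?P<opts>[^)]*)\)$"
)
HARDENING = ("nodev", "nosuid", "noexec")

# Constructed sample: the two mount lines quoted in the thread.
SAMPLE = """\
/srv/www type ext3 (ro,nosuid,nodev,acl,user_xattr)
/srv/www/data type ext3 (rw,noexec,nosuid,acl,user_xattr)
"""


def parse_mounts(text):
    """Return {mountpoint: set_of_options} for every line that parses."""
    mounts = {}
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            mounts[m.group("mnt")] = set(m.group("opts").split(","))
    return mounts


def audit(mounts):
    """Return [(mountpoint, writable, missing_flags)], sorted by path.

    Options are evaluated per mount: a flag on a parent mount point says
    nothing about a filesystem mounted below it.
    """
    report = []
    for mnt in sorted(mounts):
        opts = mounts[mnt]
        missing = [f for f in HARDENING if f not in opts]
        report.append((mnt, "rw" in opts, missing))
    return report


def honours_device_nodes(mounts):
    """Mount points where device files are interpreted (no nodev)."""
    return [mnt for mnt, _, missing in audit(mounts) if "nodev" in missing]


if __name__ == "__main__":
    for mnt, writable, missing in audit(parse_mounts(SAMPLE)):
        mode = "rw" if writable else "ro"
        print(f"{mnt} [{mode}] missing: {', '.join(missing) or 'none'}")
```

The parser does not handle mount points containing spaces; feed it the output of `mount` on the host being checked in place of the constructed sample.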