From: Paul de Vrieze
Date: Sat, 04 Nov 2006 20:03:23 +0100
Subject: Re: [gentoo-security] mount noexec and ro
To: gentoo-security@lists.gentoo.org
Message-id: <200611042003.33164.pauldv@gentoo.org>
In-reply-to: <200611041727.39451.joe.knall@gmx.net>

On Saturday 04 November 2006 17:27, Joe Knall wrote:
> correct, it's actually like this
> /srv/www type ext3 (ro,nosuid,nodev,acl,user_xattr)
> /srv/www/data type ext3 (rw,noexec,nosuid,acl,user_xattr)
>
> but I need a /dev, currently data/dev with null and urandom there,
> writeable and not nodev (could as well be a separate partition).
> Do you think this turns all the rest in vain?

Nodev is mainly for those situations where you may not have full control over
the disk (like usb sticks). But the ability to have devices will mean that
those who can make devices can abuse them.

Paul

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net
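
Added example (not part of the original message or of any Gentoo tool): a shell check that reads mount lines in /proc/mounts format and reports mounts where device nodes are honoured (no nodev), where written files can be executed (rw without noexec), or where setuid bits are honoured (no nosuid). The device names and the /srv/scratch entry are constructed; the two /srv/www entries carry the options quoted in the thread.

```shell
#!/bin/sh
# Audit mount options for the nodev / noexec / nosuid trade-offs discussed above.
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

audit_mounts() {
    # Reads mount lines on stdin; prints "<mountpoint> <finding>" per issue.
    awk '
    {
        mp = $2
        split("", has)                      # portable way to clear the array
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) has[opt[i]] = 1

        # No nodev: character and block special files here act as real devices.
        if (!("nodev" in has))
            print mp, "devices-honoured"
        # Writable and not noexec: anything written here can also be executed.
        if (("rw" in has) && !("noexec" in has))
            print mp, "writable-and-executable"
        # No nosuid: setuid and setgid bits on files here take effect.
        if (!("nosuid" in has))
            print mp, "setuid-honoured"
    }'
}

sample_mounts() {
    # Constructed sample. The first two lines use the option sets from the
    # thread; /dev/sda5, /dev/sda6 and the whole third line are made up.
    cat <<'EOF'
/dev/sda5 /srv/www ext3 ro,nosuid,nodev,acl,user_xattr 0 0
/dev/sda6 /srv/www/data ext3 rw,noexec,nosuid,acl,user_xattr 0 0
/dev/sda7 /srv/scratch ext3 rw 0 0
EOF
}

# Stand-alone run on the constructed sample.
sample_mounts | audit_mounts
```

On a live system, feed it the real table with `audit_mounts < /proc/mounts`; a mount that must honour devices, such as the data/dev directory in the thread, will be reported and can then be reviewed by hand.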