Re: [gentoo-user] How many GB for / partition?

["Hemmann, Volker Armin" <volker.armin.hemmann@tu-clausthal.de>]

On Friday 17 February 2006 07:33, Alexander Skwar wrote:
> Hemmann, Volker Armin wrote:
> > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> >> Hemmann, Volker Armin wrote:
> >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> >> >> Hemmann, Volker Armin wrote:
> >> >> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
> >> >> >> Hemmann, Volker Armin wrote:
> >> >> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote:
> >> >> >> >> Izar Ilun wrote:
> >> >> >
> >> >> > Why should he make /tmp noexec,
> >> >>
> >> >> Security precaution.
> >> >
> >> > if you have 10+ users with access to the box. But a workstation,
> >> > without even sshd running, it is not needed.
> >>
> >> "needed" - What's "needed", anyway?
> >>
> >> > And hey, why should /tmp noexec save you from anything?
> >>
> >> Because it does.
> >
> > so? how?
>
> Think, you might find out. What does noexec do, hm?
>
> Even *you* might find out...
>
> Well... If I think about it... No, you're too clueless
> to find out.
>
> Hint 1: "noexec" nowadays makes it impossible to execute
> programs stored on that filesystem.

I know, but it won't save you from anything.
After a user got in, he is a user. And every user has a place with write 
permission (if he is user apache/httpd he has lots of places, where he can 
store code).  Outside of /tmp.
You see - it doesn't help you anything.

> Hint 2: /tmp (and /var/tmp) are (hopefully) the only places
> where everybody can write.

an attacker does not need a place, where everybody can write. He just needs 
SOME place, where he can write - like the home-directory of the user he just 
corrumpted.
Also, he can disrupt your system, by just filling up /tmp. No code needed for 
that.

>
> >> > If someone is  able to break into your box, he can build his tools in
> >> > /home or /var/tmp or somewhere else. No need for /tmp.
> >>
> >> Wrong again. If tmp is the only place somebody can write, then
> >> it might save you (and it DID save my ass more than once now).
> >
> > since /tmp is not the only place where someone can write (/var/tmp
> > anyone?)
>
> True. /var/tmp is a link to /tmp on my system. And if not, /var/tmp
> could also easily be a seperate fs.
and another partition ..,.

>
> > it
> > won't help you much.
>
> That's of course wrong again.
>
> >> >> Ah. Please explain how you mount /tmp noexec and /usr
> >> >> readonly.
> >> >
> >> > I don't because it is wasted effort.
> >>
> >> Of course it's not.
> >
> > yes it is.
>
> Jaja. Just because you've got problems, it doesn't mean
> that there ARE problems.

it is wasted: if he has so many rights, that he could write to /usr, he has 
enough rights to remount it.
and /tmp is not needed, as soon  as you have breaken into the box.
Plus, a full /tmp and /var will disrupt services and make reboot (almost) 
impossible.

So, noexec and ro /usr will save you from nothing.

> No, it's not. Write permissions don't mean, that somebody is root.

in my /usr, yes it does.
;)


> >
> > yes really, you have to remount /usr everytime you update something.
>
> Jaja. You know, your exaggerations become boring...

because it is true?
show me, how do you update something residing in /usr without remounting.

>

>
> a) /tmp is cleaned during boot - so this won't happen anyway.

/tmp ios cleaned so late, that it is too late, is both are totally full.

> b) Don't let it happen in the first place.
you can not tell an attacker what not to do.

> c) Boot a rescue system like Knoppix and clean /tmp.

yeah! but why boot from a boot-cd, if you don't have to? (hint: /tmp not on 
its own, small partition)

>
> d) In reality, I NEVER had it happen that /tmp or /var/tmp
> ran out of space. What happened "more often" is that /var
> ran out of space, because of the logs in /var/log.

you have never used gimp, did you?
I have seen gimp filling up a 5GB /tmp.

>
> >> >> I see. Strange thing is, that about every server and workstation
> >> >> I've seen more or less contradicts what you say.
> >> >
> >> > if you have 20+ users on each of them, and every single one is a
> >> > little cracker in disguisse, it may make sense, but for a single user
> >> > box?
> >>
> >> Why are you asking?
> >
> > because you are the one starting with 'server' and 'workstations'
>
> Correct. So what? Why are you asking?
>
> > and the OP
> > never talked about one or the other.
>
> His system MUST be the one or the other.

nope, there is a third category: personal computer (also called home 
computer).

>
> >> > If every partition takes a second, it will be very noticable.
> >>
> >> Hardly. (Notice that I'm not saying "No".)
> >
> > if mounting becomes the major 'hold up' in your booting process, it
> > becomes VERY noticable.
>
> Jaja. Do you actually expect to be taken seriously?

not from you. From thois mailing list I learnt, that if someone is not on your 
side, the person is wrong.

>
> > I have been there,
>
> I doubt that.

Why should I lie?
I had 3 ibm harddisks 1x10Gb,2x40gb one seagate 20gb and all and everything on 
its own partition.
And it was hell after a while.

> > More harddisks=bigger chance that one of them dies.
>
> True. So? What does this have to do with the fact, that the
> available hd's are too small? Just as a reminder - that's
> the scenario YOU are talking about.

becuase you started with 'buy more harddisks'

> >> > It is simple math.
> >>
> >> *LOL* _You_ should not talk about maths :)
> >
> > you obviously don't understand simple statistics.
>
> Seems like. But maybe it's just, that I've got problems
> following your nonsense, hm?

you mean your nonesense?
Yep, it is hard to deal with you.

I snipped the rest: TL:DR
-- 
gentoo-user@gentoo.org mailing list