From: "Hemmann, Volker Armin"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] How many GB for / partition?
Date: Fri, 17 Feb 2006 19:04:21 +0100
Message-Id: <200602171904.21420.volker.armin.hemmann@tu-clausthal.de>
In-Reply-To: <43F56E36.2030109@mid.email-server.info>
References: <7ae6f8f0602160419w67142523p296a88b3944ce180@mail.gmail.com> <200602162123.26046.volker.armin.hemmann@tu-clausthal.de> <43F56E36.2030109@mid.email-server.info>

On Friday 17 February 2006 07:33, Alexander Skwar wrote:
> Hemmann, Volker Armin wrote:
> > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> >> Hemmann, Volker Armin wrote:
> >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> >> >> Hemmann, Volker Armin wrote:
> >> >> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
> >> >> >> Hemmann, Volker Armin wrote:
> >> >> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote:
> >> >> >> >> Izar Ilun wrote:
> >> >> >
> >> >> > Why should he make /tmp noexec,
> >> >>
> >> >> Security precaution.
> >> >
> >> > if you have 10+ users with access to the box. But a workstation,
> >> > without even sshd running, it is not needed.
> >>
> >> "needed" - What's "needed", anyway?
> >>
> >> > And hey, why should /tmp noexec save you from anything?
> >>
> >> Because it does.
> >
> > so? how?
>
> Think, you might find out. What does noexec do, hm?
>
> Even *you* might find out...
>
> Well... If I think about it... No, you're too clueless
> to find out.
>
> Hint 1: "noexec" nowadays makes it impossible to execute
> programs stored on that filesystem.
I know, but it won't save you from anything. After a user got in, he is a user. And every user has a place with write permission (if he is user apache/httpd he has lots of places where he can store code). Outside of /tmp. You see - it doesn't help you at all.

> Hint 2: /tmp (and /var/tmp) are (hopefully) the only places
> where everybody can write.

An attacker does not need a place where everybody can write. He just needs SOME place where he can write - like the home directory of the user he just corrupted. Also, he can disrupt your system by just filling up /tmp. No code needed for that.

>
> >> > If someone is able to break into your box, he can build his tools in
> >> > /home or /var/tmp or somewhere else. No need for /tmp.
> >>
> >> Wrong again. If tmp is the only place somebody can write, then
> >> it might save you (and it DID save my ass more than once now).
> >
> > since /tmp is not the only place where someone can write (/var/tmp
> > anyone?)
>
> True. /var/tmp is a link to /tmp on my system. And if not, /var/tmp
> could also easily be a separate fs.

and another partition ...

> > it
> > won't help you much.
>
> That's of course wrong again.
>
> >> >> Ah. Please explain how you mount /tmp noexec and /usr
> >> >> readonly.
> >> >
> >> > I don't because it is wasted effort.
> >>
> >> Of course it's not.
> >
> > yes it is.
>
> Jaja. Just because you've got problems, it doesn't mean
> that there ARE problems.

It is wasted: if he has so many rights that he could write to /usr, he has enough rights to remount it. And /tmp is not needed as soon as you have broken into the box. Plus, a full /tmp and /var will disrupt services and make reboot (almost) impossible. So noexec and ro /usr will save you from nothing.

> No, it's not. Write permissions don't mean, that somebody is root.

In my /usr, yes it does. ;)

>
> > yes really, you have to remount /usr every time you update something.
>
> Jaja. You know, your exaggerations become boring...
Because it is true? Show me how you update something residing in /usr without remounting.

>
> a) /tmp is cleaned during boot - so this won't happen anyway.

/tmp is cleaned so late that it is too late if both are totally full.

> b) Don't let it happen in the first place.

You cannot tell an attacker what not to do.

> c) Boot a rescue system like Knoppix and clean /tmp.

Yeah! But why boot from a boot CD if you don't have to? (hint: /tmp not on its own, small partition)

>
> d) In reality, I NEVER had it happen that /tmp or /var/tmp
> ran out of space. What happened "more often" is that /var
> ran out of space, because of the logs in /var/log.

You have never used gimp, have you? I have seen gimp filling up a 5GB /tmp.

>
> >> >> I see. Strange thing is, that about every server and workstation
> >> >> I've seen more or less contradicts what you say.
> >> >
> >> > if you have 20+ users on each of them, and every single one is a
> >> > little cracker in disguise, it may make sense, but for a single user
> >> > box?
> >>
> >> Why are you asking?
> >
> > because you are the one starting with 'server' and 'workstations'
>
> Correct. So what? Why are you asking?
>
> > and the OP
> > never talked about one or the other.
>
> His system MUST be the one or the other.

Nope, there is a third category: personal computer (also called home computer).

>
> >> > If every partition takes a second, it will be very noticeable.
> >>
> >> Hardly. (Notice that I'm not saying "No".)
> >
> > if mounting becomes the major 'hold up' in your booting process, it
> > becomes VERY noticeable.
>
> Jaja. Do you actually expect to be taken seriously?

Not from you. From this mailing list I learnt that if someone is not on your side, the person is wrong.

>
> > I have been there,
>
> I doubt that.

Why should I lie? I had 3 IBM harddisks (1x10Gb, 2x40gb), one Seagate 20gb, and all and everything on its own partition. And it was hell after a while.

>
> > More harddisks=bigger chance that one of them dies.
>
> True. So? What does this have to do with the fact, that the
> available hd's are too small? Just as a reminder - that's
> the scenario YOU are talking about.

Because you started with 'buy more harddisks'.

> >> > It is simple math.
> >>
> >> *LOL* _You_ should not talk about maths :)
> >
> > you obviously don't understand simple statistics.
>
> Seems like. But maybe it's just, that I've got problems
> following your nonsense, hm?

You mean your nonsense? Yep, it is hard to deal with you.

I snipped the rest: TL;DR

--
gentoo-user@gentoo.org mailing list
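As an added example that is not part of either poster's mail: a POSIX shell audit of the two points argued above, whether /tmp and /var/tmp are their own filesystems (so filling them does not fill / or /var) and whether they carry noexec, nosuid and nodev. It reads a table in /proc/mounts format; the two embedded tables are constructed, and that column layout is the only assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Input is a mount table in
# /proc/mounts format: "device mountpoint fstype options dump pass".

# Constructed table: everything on one partition, /usr read-only.
WEAK_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /usr ext3 ro,relatime 0 0'

# Constructed table: tmpfs /tmp with the full option set, /var/tmp on its
# own partition but still executable.
HARDENED_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /usr ext3 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,size=512m 0 0
/dev/sda5 /var/tmp ext3 rw,nosuid,nodev 0 0'

# mount_opts MOUNTPOINT TABLE: print the option field of MOUNTPOINT,
# nothing if it is not a mountpoint of its own.
mount_opts() {
    printf '%s\n' "$2" | awk -v mp="$1" '$2 == mp { print $4; exit }'
}

# has_opt MOUNTPOINT OPTION TABLE: succeed if the mount carries OPTION.
has_opt() {
    case ",$(mount_opts "$1" "$3")," in
        *,"$2",*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_tmp TABLE: one finding per line on stdout; exit 1 if any finding.
audit_tmp() {
    n=0
    for mp in /tmp /var/tmp; do
        if [ -z "$(mount_opts "$mp" "$1")" ]; then
            # Not its own filesystem: filling it fills whatever holds it.
            echo "$mp: not a separate filesystem"
            n=$((n + 1))
            continue
        fi
        for opt in noexec nosuid nodev; do
            has_opt "$mp" "$opt" "$1" || { echo "$mp: missing $opt"; n=$((n + 1)); }
        done
    done
    [ "$n" -eq 0 ]
}

# finding_count TABLE: number of findings, for scripting.
finding_count() { audit_tmp "$1" | awk 'END { print NR }'; }

# Demo run on the constructed table; on a real box pass "$(cat /proc/mounts)".
audit_tmp "$HARDENED_MOUNTS" || echo "audit: hardening incomplete"
```

The audit only looks at mount options; a symlinked /var/tmp (as one poster has) shows up as "not a separate filesystem", which is the intended reading, since it then shares /tmp's size limit and options.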