From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.54) id 1FAFQ0-0002fF-98 for garchives@archives.gentoo.org; Fri, 17 Feb 2006 23:53:44 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id k1HNqdI7027195; Fri, 17 Feb 2006 23:52:39 GMT Received: from poseidon.rz.tu-clausthal.de (poseidon.rz.tu-clausthal.de [139.174.2.21]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id k1HNmh4a026093 for ; Fri, 17 Feb 2006 23:48:44 GMT Received: from poseidon.rz.tu-clausthal.de (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 97F2F2023EE for ; Sat, 18 Feb 2006 00:48:43 +0100 (CET) Received: from tu-clausthal.de (poseidon [139.174.2.21]) by poseidon.rz.tu-clausthal.de (Postfix) with ESMTP id 503C12023EC for ; Sat, 18 Feb 2006 00:48:43 +0100 (CET) Received: from energy.heim10.tu-clausthal.de ([139.174.241.94] verified) by tu-clausthal.de (CommuniGate Pro SMTP 5.0.6) with ESMTP id 11347048 for gentoo-user@lists.gentoo.org; Sat, 18 Feb 2006 00:48:43 +0100 From: "Hemmann, Volker Armin" To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] How many GB for / partition? Date: Sat, 18 Feb 2006 00:48:42 +0100 User-Agent: KMail/1.9.1 References: <7ae6f8f0602160419w67142523p296a88b3944ce180@mail.gmail.com> <200602171904.21420.volker.armin.hemmann@tu-clausthal.de> <20060217221508.GA29784@nexon> In-Reply-To: <20060217221508.GA29784@nexon> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-15" Content-Disposition: inline Message-Id: <200602180048.42750.volker.armin.hemmann@tu-clausthal.de> X-Virus-Scanned: by PureMessage V4.7 at tu-clausthal.de X-MIME-Autoconverted: from quoted-printable to 8bit by robin.gentoo.org id k1HNmh4a026093 Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by robin.gentoo.org id k1HNqdIO027195 X-Archives-Salt: cdc9b3d1-035b-417f-8863-b8a1afc38021 X-Archives-Hash: f546d9dd2b1ac109b6d37c958a3aa817 On Friday 17 February 2006 23:15, Patrick B=F6rjesson wrote: > > an attacker does not need a place, where everybody can write. He just > > needs SOME place, where he can write - like the home-directory of the > > user he just corrumpted. > > What's to say that the only way to get access to a system is through > hacking a user account? if he hacks apache, he is the httpd user, if he hacks sendmail, he is 'ma= il' If you are not a user, you are not logged in. IOr in reverse, as soon, as you can do anything on a box, you are a user = in=20 one way or another. > Exploits have existed (and probably does, if not in older code) that > uses /tmp, and the ability to execute things from that location, to get > access to more privileges. > So having /tmp mounted as noexec is a good security measure from these > kind of exploits. and I bet same exploits would work from /var/spool. > > > Also, he can disrupt your system, by just filling up /tmp. No code ne= eded > > for that. > > And that is the exact reason for keeping "writable by all" locations on > separate filesystems, so that the damage can be limited and not make th= e > entire system unusable if someone decides to fill up a filesystem. if / is huge, it is much harder to fill up /tmp And if he can fill up /tmp completly, you are hosed anyway. So having it = on=20 its own partition does not save you from anything. It only makes it more=20 likely, that at some point /tmp is too small and you need to make it bigg= er. --=20 gentoo-user@gentoo.org mailing list