From: Neil Bothwick
To: gentoo-user@lists.gentoo.org
Date: Thu, 10 May 2007 01:55:49 +0100
Subject: Re: [gentoo-user] Separate /usr [was: Clock is way off]

On Wed, 09 May 2007 18:31:07 -0600, darren kirby wrote:

> quoth the Neil Bothwick:
> > On Wed, 09 May 2007 15:49:45 -0600, darren kirby wrote:
> > > I have heard you can use a separate /usr to enhance security by
> > > mounting it readonly under normal circumstances. This way, bad guys
> > > can't mess with your binaries in /usr/bin and /usr/sbin,
> >
> > Instead of only being able to get at the really important stuff
> > in /bin and /sbin?
>
> Well, very nice how you trimmed the part of my original email that
> speaks to your question and makes the same point as you, but thanks for
> making me look stupid anyway...

The part I trimmed was "though it seems to me if they have access
to mess with your /usr they can mess with anything anyway so..." which I
guess could mean what you say you meant rather than how I read it.

Sorry if you think I twisted your post, that wasn't my intention.

--
Neil Bothwick

Remember that the Titanic was built by experts, and the Ark by a newbie