Date: Sun, 10 May 2009 00:34:17 +0100
From: Neil Bothwick
To: gentoo-user@lists.gentoo.org
Subject: Re: /boot or not /boot (was Re: [gentoo-user] can't stop the panic on eeepc)
Message-ID: <20090510003417.4bea3925@zaphod.digimed.co.uk>
In-Reply-To: <4A0581DD.8020902@gmail.com>

On Sat, 09 May 2009 08:15:09 -0500, Dale wrote:

> I was talking about with just a plain file system. I read in an install
> guide somewhere when I was installing ages ago that having /boot on a
> separate partition, and not always mounted, was a good security
> practice. That way no one could alter the kernel since it was not
> mounted.

That's a bit of a red herring IMO. If anyone can alter your kernel they can mount the filesystem. The argument about protecting the kernel from corruption is similarly spurious, since you always have a spare copy in /usr/src/linux anyway.

The main reason for doing this was because some BIOSes could work past cylinder 1024 of a drive, so you needed to ensure the kernel was on a filesystem fully within that area. If it were a security issue, then the Gentoo handbook would have recommended this practice for all architectures, not just x86-based ones.

-- 
Neil Bothwick

If you don't pay your exorcist, you get repossessed.