From: Francesco Talamona
To: gentoo-user@lists.gentoo.org
Subject: Re: /boot or not /boot (was Re: [gentoo-user] can't stop the panic on eeepc)
Date: Sun, 10 May 2009 08:48:22 +0200

On Saturday 09 May 2009, Dale wrote:
> I was talking about with just a plain file system. I read in an
> install guide somewhere when I was installing ages ago that having
> /boot on a separate partition, and not always mounted, was a good
> security practice. That way no one could alter the kernel since it
> was not mounted.
>
> I do agree that if a person was on the system and able to get root
> access, they could then mount the /boot partition as well. I never
> was really sure why this was thought to work. I used a separate
> /boot because for a while I was dual booting Mandrake and Gentoo.
> Old habit now I guess.

It's a suggestion for security against user errors; I'm pretty sure it
was there long before genkernel came out, when there
wasn't "automation" in kernel building.

Furthermore you can use a non-journalled filesystem for /boot.

Ciao
Francesco

-- 
Linux Version 2.6.29-gentoo-r3, Compiled #2 SMP PREEMPT Sat May 9
18:15:29 CEST 2009
Two 1GHz AMD Athlon 64 Processors, 4GB RAM, 4018.42 Bogomips Total
aemaeth