From: Alexander Skwar <listen@alexander.skwar.name>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] How many GB for / partition?
Date: Fri, 17 Feb 2006 19:35:08 +0100
Message-ID: <43F6175C.2000409@mid.email-server.info>
In-Reply-To: <200602171904.21420.volker.armin.hemmann@tu-clausthal.de>
Hemmann, Volker Armin wrote:
> On Friday 17 February 2006 07:33, Alexander Skwar wrote:
>> Hemmann, Volker Armin wrote:
>> > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
>> >> Hemmann, Volker Armin wrote:
>> >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
>> >> >> Hemmann, Volker Armin wrote:
>> >> >> > On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
>> >> >> >> Hemmann, Volker Armin wrote:
>> >> >> >> > On Thursday 16 February 2006 14:06, Alexander Skwar wrote:
>> >> >> >> >> Izar Ilun wrote:
>> >> >> >
>> >> >> > Why should he make /tmp noexec,
>> >> >>
>> >> >> Security precaution.
>> >> >
>> >> > if you have 10+ users with access to the box. But a workstation,
>> >> > without even sshd running, it is not needed.
>> >>
>> >> "needed" - What's "needed", anyway?
>> >>
>> >> > And hey, why should /tmp noexec save you from anything?
>> >>
>> >> Because it does.
>> >
>> > so? how?
>>
>> Think, you might find out. What does noexec do, hm?
>>
>> Even *you* might find out...
>>
>> Well... If I think about it... No, you're too clueless
>> to find out.
>>
>> Hint 1: "noexec" nowadays makes it impossible to execute
>> programs stored on that filesystem.
>
> I know,
Obviously not.
> but it won't save you from anything.
It does. Like I said.
> After a user got in,
Then it is too late. noexec can save you exactly here.
> he is a user. And every user has a place with write
> permission (if he is user apache/httpd he has lots of places, where he can
> store code).
No, he doesn't.
> Outside of /tmp.
Wrong.
> You see - it doesn't help you anything.
I see that you don't know what you're talking about.
>> Hint 2: /tmp (and /var/tmp) are (hopefully) the only places
>> where everybody can write.
>
> an attacker does not need a place, where everybody can write. He just needs
> SOME place, where he can write - like the home-directory of the user he just
> corrupted.
But to gain access, most attacks need a place to write.
> Also, he can disrupt your system, by just filling up /tmp. No code needed for
> that.
True. /var/log might be even easier.
>> True. /var/tmp is a link to /tmp on my system. And if not, /var/tmp
>> could also easily be a separate fs.
> and another partition ..,.
Hint: A link is not a partition. And even if it were another
filesystem - who cares?
>> >> >> Ah. Please explain how you mount /tmp noexec and /usr
>> >> >> readonly.
>> >> >
>> >> > I don't because it is wasted effort.
>> >>
>> >> Of course it's not.
>> >
>> > yes it is.
>>
>> Jaja. Just because you've got problems, it doesn't mean
>> that there ARE problems.
>
> it is wasted: if he has so many rights, that he could write to /usr, he has
> enough rights to remount it.
Of course not. Having write permissions doesn't mean that
somebody is root.
Answer the question.
> and /tmp is not needed, as soon as you have broken into the box.
Exactly - *as* *soon*.
> So, noexec and ro /usr will save you from nothing.
Wrong.
>> No, it's not. Write permissions don't mean, that somebody is root.
>
> in my /usr, yes it does.
Fine - who cares?
>> > yes really, you have to remount /usr every time you update something.
>>
>> Jaja. You know, your exaggerations become boring...
>
> because it is true?
No, it's not.
> show me, how do you update something residing in /usr without remounting.
I don't.
>> c) Boot a rescue system like Knoppix and clean /tmp.
>
> yeah! but why boot from a boot-cd, if you don't have to? (hint:
Don't let it happen in the first place.
> /tmp not on
> its own, small partition)
Bad advice.
>> >> >> I see. Strange thing is, that about every server and workstation
>> >> >> I've seen more or less contradicts what you say.
>> >> >
>> >> > if you have 20+ users on each of them, and every single one is a
>> >> > little cracker in disguise, it may make sense, but for a single user
>> >> > box?
>> >>
>> >> Why are you asking?
>> >
>> > because you are the one starting with 'server' and 'workstations'
>>
>> Correct. So what? Why are you asking?
>>
>> > and the OP
>> > never talked about one or the other.
>>
>> His system MUST be the one or the other.
>
> nope,
Wrong.
> there is a third category: personal computer (also called home
> computer).
Which is the WS class.
>> >> > If every partition takes a second, it will be very noticable.
>> >>
>> >> Hardly. (Notice that I'm not saying "No".)
>> >
>> > if mounting becomes the major 'hold up' in your booting process, it
>> > becomes VERY noticable.
>>
>> Jaja. Do you actually expect to be taken seriously?
>
> not from you.
Fine.
> From this mailing list I learnt, that if someone is not on your
> side, the person is wrong.
If you say so.
>> > I have been there,
>>
>> I doubt that.
>
> Why should I lie?
I've got no idea. But you obviously do.
> I had 3 ibm harddisks 1x10Gb,2x40gb one seagate 20gb and all and everything on
> its own partition.
> And it was hell after a while.
Because you overdid it: "all and everything on its own partition".
>> > More harddisks=bigger chance that one of them dies.
>>
>> True. So? What does this have to do with the fact, that the
>> available hd's are too small? Just as a reminder - that's
>> the scenario YOU are talking about.
>
> because you started with 'buy more harddisks'
As you started with "not enough space".
In your world, how do you get more space?
>
>> >> > It is simple math.
>> >>
>> >> *LOL* _You_ should not talk about maths :)
>> >
>> > you obviously don't understand simple statistics.
>>
>> Seems like. But maybe it's just, that I've got problems
>> following your nonsense, hm?
>
> you mean your nonsense?
No. I meant the nonsense that you write. Learn to read.
> Yep, it is hard to deal with you.
I'm just as anal as you are.
Alexander Skwar
--
Your happiness is intertwined with your outlook on life.
--
gentoo-user@gentoo.org mailing list
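As an added example (not code from the thread or either poster), here is a small POSIX sh audit that checks a /proc/mounts listing for the options the thread argues about: /tmp and /var/tmp mounted noexec (plus nosuid,nodev) and /usr read-only. The policy table and the sample mount listing are constructed; the /var/tmp entry is deliberately absent, mirroring the "symlink to /tmp" case mentioned above.

```shell
#!/bin/sh
# Added example: audit a /proc/mounts listing against a mount-option policy.
# Runs offline on a constructed sample; pass "$(cat /proc/mounts)" to audit a live box.

# Policy (assumed, adjust to taste): "mountpoint:required,options" per line.
POLICY='/tmp:noexec,nosuid,nodev
/var/tmp:noexec,nosuid,nodev
/usr:ro'

# Constructed sample in /proc/mounts format: dev mountpoint fstype opts dump pass.
# /var/tmp is intentionally missing (e.g. a symlink to /tmp, as in the thread).
SAMPLE_MOUNTS='/dev/sda2 / ext3 rw,relatime 0 0
/dev/sda5 /usr ext3 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sda6 /home ext3 rw,relatime 0 0'

# mount_opts MOUNTS MNT: print the option string of MNT; nothing if MNT is not a mount point.
mount_opts() {
    printf '%s\n' "$1" | awk -v m="$2" '$2 == m { print $4; exit }'
}

# has_opt OPTS OPT: succeed if comma-separated OPTS contains OPT as a whole word
# (so "noexec" is not matched by, say, "rw,relatime").
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_mounts MOUNTS: print one finding per policy option; succeed only if nothing is missing.
check_mounts() {
    mounts=$1
    bad=0
    while IFS=: read -r mnt req; do
        [ -n "$mnt" ] || continue
        opts=$(mount_opts "$mounts" "$mnt")
        if [ -z "$opts" ]; then
            echo "$mnt: not a separate filesystem, inherits its parent's options"
            bad=$((bad + 1))
            continue
        fi
        for o in $(printf '%s' "$req" | tr ',' ' '); do
            if has_opt "$opts" "$o"; then
                echo "$mnt: ok ($o)"
            else
                echo "$mnt: missing $o (mounted with $opts)"
                bad=$((bad + 1))
            fi
        done
    done <<EOF
$POLICY
EOF
    [ "$bad" -eq 0 ]
}

check_mounts "$SAMPLE_MOUNTS" || echo "audit: hardening gaps found (see above)"
```

On the sample this reports /tmp missing noexec and /var/tmp not being its own filesystem, while /usr passes; on a real host the same check tells you whether the fstab options actually took effect after the remount the thread mentions.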