Message-ID: <4A061898.70405@gmail.com>
Date: Sat, 09 May 2009 18:58:16 -0500
From: Dale
To: gentoo-user@lists.gentoo.org
Subject: Re: /boot or not /boot (was Re: [gentoo-user] can't stop the panic on eeepc)
In-Reply-To: <20090510003417.4bea3925@zaphod.digimed.co.uk>

Neil Bothwick wrote:
> On Sat, 09 May 2009 08:15:09 -0500, Dale wrote:
>
>> I was talking about with just a plain file system. I read in an install
>> guide somewhere when I was installing ages ago that having /boot on a
>> separate partition, and not always mounted, was a good security
>> practice. That way no one could alter the kernel since it was not
>> mounted.
>
> That's a bit of a red herring IMO. If anyone can alter your kernel they
> can mount the filesystem. The argument about protecting the kernel from
> corruption is similarly spurious, since you always have a spare copy
> in /usr/src/linux anyway. The main reason for doing this was because some
> BIOSes could work past cylinder 1024 of a drive, so you needed to ensure
> the kernel was on a filesystem fully within that area.
>
> If it were a security issue, then the Gentoo handbook would have
> recommended this practice for all architectures, not just x86-based ones.

Those were my thoughts as well. You have to be root to get to the kernel and alter/copy it and if you are root, you can mount it anyway. No real point. I do get the old BIOSes tho. That was an issue for a good while.

Dale

:-) :-)