| 1 |
On 03/14/2012 18:14, David Leverton wrote: |
| 2 |
|
| 3 |
> On 14 March 2012 21:04, Greg KH <gregkh@g.o> wrote: |
| 4 |
>> Haveing a separate /usr is wonderful, and once we finish moving /sbin/ |
| 5 |
>> and /bin/ into /usr/ it makes even more sense. See the /usr page at |
| 6 |
>> fedora for all of the great reasons why this is good. |
| 7 |
> |
| 8 |
> My point was examine, in detail, whether separate-/usr-with-initramfs |
| 9 |
> has any disadvantages compared to separate-/usr-without-initramfs. |
| 10 |
> Either it has, in which case we have a concrete argument against |
| 11 |
> requiring initramfs (albeit possibly one that can be fixed), or it |
| 12 |
> hasn't, which should hopefully convince at least some people to accept |
| 13 |
> it. |
| 14 |
|
| 15 |
|
| 16 |
I went with a split filesystem design when I built my first Gentoo install |
| 17 |
back in mid 2003 because at the time, both the Gentoo and Debian security |
| 18 |
guides referenced it as being an option for a more secure system. |
| 19 |
|
| 20 |
Specifically so that you could apply mount options to each partition. For |
| 21 |
example, on /home, you would usually want to do nodev and nosuid, because |
| 22 |
rarely does a user need the ability to create device nodes and SUID |
| 23 |
binaries. On /var, nodev, nosuid, and noexec, with the one exception if you |
| 24 |
ran qmail or a few other packages known to stick executables into /var. For |
| 25 |
/usr, the guides suggested just nodev, because you rarely, if ever need to |
| 26 |
create device nodes in /usr. Optionally, you could mount /usr ro and only |
| 27 |
make it rw if updating packages. |
| 28 |
|
| 29 |
You won't find A separate /usr mentioned specifically anymore in either |
| 30 |
security guide, but I'm sure if you dig on the Wayback Machine (once it |
| 31 |
comes back online), you can probably find these references. Search from |
| 32 |
2003 to 2007. I'm not certain when they were removed. |
| 33 |
|
| 34 |
-- |
| 35 |
Joshua Kinard |
| 36 |
Gentoo/MIPS |
| 37 |
kumba@g.o |
| 38 |
4096R/D25D95E3 2011-03-28 |
| 39 |
|
| 40 |
"The past tempts us, the present confuses us, the future frightens us. And |
| 41 |
our lives slip away, moment by moment, lost in that vast, terrible in-between." |
| 42 |
|
| 43 |
--Emperor Turhan, Centauri Republic |
Archives