Gentoo Archives: gentoo-security

From: Miguel Angel Tormo Alfaro <matormo@××××××.es>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] mount noexec and ro
Date: Mon, 06 Nov 2006 06:05:41
Message-Id: 200611060658.03887.matormo@edicom.es
In Reply to: Re: [gentoo-security] mount noexec and ro by Paul de Vrieze
But normally only root can make devices, right?

El Sábado 04 Noviembre 2006 20:03, Paul de Vrieze escribió:
> On Saturday 04 November 2006 17:27, Joe Knall wrote: > > correct, it's atually like this > > /srv/www type ext3 (ro,nosuid,nodev,acl,user_xattr) > > /srv/www/data type ext3 (rw,noexec,nosuid,acl,user_xattr) > > > > but I need a /dev, currently data/dev with null and urandom there, > > writeable and not nodev (could as well be a separate partition). > > Do you think this turns all the rest in vain? > > Nodev is mainly for those situations where you may not have full control over > the disk (like usb sticks). But the ability to have devices will mean that > those who can make devices can abuse them. > > Paul >
-- gentoo-security@g.o mailing list