Gentoo Archives: gentoo-security

From: Paul de Vrieze <pauldv@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] mount noexec and ro
Date: Sat, 04 Nov 2006 19:10:54
Message-Id: 200611042003.33164.pauldv@gentoo.org
In Reply to: Re: [gentoo-security] mount noexec and ro by Joe Knall
On Saturday 04 November 2006 17:27, Joe Knall wrote:
> correct, it's actually like this
> /srv/www type ext3 (ro,nosuid,nodev,acl,user_xattr)
> /srv/www/data type ext3 (rw,noexec,nosuid,acl,user_xattr)
>
> but I need a /dev, currently data/dev with null and urandom there,
> writeable and not nodev (could as well be a separate partition).
> Do you think this turns all the rest in vain?

Nodev is mainly for those situations where you may not have full control over the disk (like usb sticks). But the ability to have devices will mean that those who can make devices can abuse them.

Paul

--
Paul de Vrieze
Gentoo Developer
Mail: pauldv@g.o
Homepage: http://www.devrieze.net
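
An added example, not part of the original message or thread: a small Python audit for the layout discussed above. It flags which of the quoted mounts still honor device nodes, and checks that a chroot `dev` directory holds only the two nodes the thread mentions. The function names, the allow-list and the assumption of Linux major/minor numbers (1:3 for null, 1:9 for urandom) are choices made for this example.

```python
import os
import re
import stat

# Assumption: Linux device numbers for the two nodes the thread says are needed.
ALLOWED_NODES = {"null": (1, 3), "urandom": (1, 9)}

# Accepts `mount` output, with or without the leading "<device> on " part.
MOUNT_RE = re.compile(
    r"^(?:\S+ on )?(?P<mp>\S+) type (?P<fs>\S+) \((?P<opts>[^)]*)\)$")


def audit_mounts(lines):
    """Return {mountpoint: [findings]} for lines in `mount` output format."""
    report = {}
    for line in lines:
        m = MOUNT_RE.match(line.strip())
        if not m:
            continue
        opts = set(m["opts"].split(","))
        findings = []
        if "ro" not in opts and "noexec" not in opts:
            findings.append("writable and executable")
        if "nosuid" not in opts:
            findings.append("setuid honored")
        if "nodev" not in opts:
            findings.append("device nodes honored")
        report[m["mp"]] = findings
    return report


def unexpected_nodes(dev_dir, allowed=ALLOWED_NODES):
    """List entries in dev_dir that are not an allow-listed character device."""
    bad = []
    for name in sorted(os.listdir(dev_dir)):
        st = os.lstat(os.path.join(dev_dir, name))
        want = allowed.get(name)
        ok = (want is not None and stat.S_ISCHR(st.st_mode)
              and (os.major(st.st_rdev), os.minor(st.st_rdev)) == want)
        if not ok:
            bad.append(name)
    return bad


# Constructed sample: the two mount lines quoted in the message.
SAMPLE = [
    "/srv/www type ext3 (ro,nosuid,nodev,acl,user_xattr)",
    "/srv/www/data type ext3 (rw,noexec,nosuid,acl,user_xattr)",
]
```

Run `unexpected_nodes` against the chroot's `data/dev` directory periodically; anything it returns is either an extra device node or a non-device file standing in for one.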
