Gentoo Archives: gentoo-security

From:	Joe Knall <joe.knall@×××.net>
To:	gentoo-security@l.g.o
Subject:	[gentoo-security] mount noexec and ro
Date:	Sat, 04 Nov 2006 10:55:25
Message-Id:	`200611041211.22434.joe.knall@gmx.net`

1	Hello,
2
3	can/does mounting a partition with noexec, ro etc. provide additional
4	security or are those limitations easy to circumvent?
5
6	Example: webserver running chrooted
7	all libs and executables (apache, lib, usr ...) on read only mounted
8	partition /srv/www, data dirs (logs, htdocs ...) on
9	partition /srv/www/data mounted with noexec (but rw of course), no cgi
10	needed.
11	Server is started with "chroot /srv/www /apache/bin/httpd -k start".
12
13	Any cognition? Is this useful, nice, nonsense?
14	Keeping the chroot updated and so on is not my concern here.
15
16	Thanks, Joe
17	--
18	gentoo-security@g.o mailing list

Subject	Author
Re: [gentoo-security] mount noexec and ro	Wolfram Schlich <lists@×××××××××××××××.org>
Re: [gentoo-security] mount noexec and ro	Paul de Vrieze <pauldv@g.o>