Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Paul de Vrieze <pauldv@g.o>
Subject: Re: mount noexec and ro
Date: Sat, 04 Nov 2006 16:00:29 +0100
On Saturday 04 November 2006 12:11, Joe Knall wrote:
> Hello,
>
> can/does mounting a partition with noexec, ro etc. provide additional
> security or are those limitations easy to circumvent?
>
> Example: webserver running chrooted
> all libs and executables (apache, lib, usr ...) on read only mounted
> partition /srv/www, data dirs (logs, htdocs ...) on
> partition /srv/www/data mounted with noexec (but rw of course), no cgi
> needed.
> Server is started with "chroot /srv/www /apache/bin/httpd -k start".
>
> Any cognition? Is this useful, nice, nonsense?
> Keeping the chroot updated and so on is not my concern here.

Besides this, you must also add nodev to prevent those kinds of circumventions

Paul

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@g.o
Homepage: http://www.devrieze.net
Attachment:
pgpgMwLbrazuj.pgp (PGP signature)
Replies:
Re: mount noexec and ro
-- Joe Knall
References:
mount noexec and ro
-- Joe Knall
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: mount noexec and ro
Next by thread:
Re: mount noexec and ro
Previous by date:
Re: mount noexec and ro
Next by date:
Re: mount noexec and ro


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.