Gentoo Archives: gentoo-security

From: Joe Knall <joe.knall@×××.net>
To: gentoo-security@l.g.o
Subject: [gentoo-security] mount noexec and ro
Date: Sat, 04 Nov 2006 10:55:25
1 Hello,
3 can/does mounting a partition with noexec, ro etc. provide additional
4 security or are those limitations easy to circumvent?
6 Example: webserver running chrooted
7 all libs and executables (apache, lib, usr ...) on read only mounted
8 partition /srv/www, data dirs (logs, htdocs ...) on
9 partition /srv/www/data mounted with noexec (but rw of course), no cgi
10 needed.
11 Server is started with "chroot /srv/www /apache/bin/httpd -k start".
13 Any cognition? Is this useful, nice, nonsense?
14 Keeping the chroot updated and so on is not my concern here.
16 Thanks, Joe
17 --
18 gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] mount noexec and ro Wolfram Schlich <lists@×××××××××××××××.org>
Re: [gentoo-security] mount noexec and ro Paul de Vrieze <pauldv@g.o>