Gentoo Archives: gentoo-user

From: John Jolet <john@×××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] How many GB for / partition?
Date: Fri, 17 Feb 2006 22:34:37
Message-Id: 20060217221946.392F418033@flower.jolet.net

The problem is they both have valid points. In this, as in nearly all aspects of unix administration, there is not a single right answer.

-----Original Message-----
From: "Patrick Börjesson"<psycho@××××××××.cx>
Sent: 2/17/06 4:15:08 PM
To: "gentoo-user@l.g.o"<gentoo-user@l.g.o>
Subject: Re: [gentoo-user] How many GB for / partition?

First, I can't really understand why either one of you two won't fully
explain your reasonings when going against the other. It helps no one.

On 2006-02-17 19:04, Hemmann, Volker Armin uttered these thoughts:
> On Friday 17 February 2006 07:33, Alexander Skwar wrote:
> > Hemmann, Volker Armin wrote:
> > > On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
> > >> Hemmann, Volker Armin wrote:
> > >> > On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
> > >> >> Hemmann, Volker Armin wrote:
> > >> >> >
> > >> >> > Why should he make /tmp noexec,
> > >> >>
> > >> >> Security precaution.
> > >> >
> > >> > if you have 10+ users with access to the box. But a workstation,
> > >> > without even sshd running, it is not needed.

Of course, if you have a system with _no_ services running (including
apache, sshd and so on), or a firewall that blocks each and every
incoming connection attempt, then for someone to access /tmp without
having physical access to the system (in which case you're pretty much
screwed anyhow) is, as far as I know, impossible.

This doesn't take into account client-side exploits; because with these
the exploiting code has access to whatever resources the user running
the client has, including writing to whatever areas that the user has.

> > >> "needed" - What's "needed", anyway?
> > >>
> > >> > And hey, why should /tmp noexec save you from anything?
> > >>
> > >> Because it does.
> > >
> > > so? how?
> >
> > Think, you might find out. What does noexec do, hm?
> >
> > Even *you* might find out...
> >
> > Well... If I think about it... No, you're too clueless
> > to find out.
> >
> > Hint 1: "noexec" nowadays makes it impossible to execute
> > programs stored on that filesystem.
>
> I know, but it won't save you from anything.
> After a user got in, he is a user. And every user has a place with write
> permission (if he is user apache/httpd he has lots of places, where he can
> store code). Outside of /tmp.

Where?

[Message truncated. Tap Edit->Mark for Download to get remaining portion.]

--
gentoo-user@g.o mailing list
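
The question the thread ends on (which writable locations other than /tmp still permit execution) can be answered per machine from the mount table. The following is an added example, not part of the thread: it reads /proc/mounts-format text and reports, for each directory, the covering mount point and whether `noexec` is set. The mount table and the directory list are constructed assumptions.

```python
"""Added example: which user-writable locations would still allow execution?"""

# Constructed /proc/mounts-style sample: /tmp is noexec, the rest are not.
SAMPLE_MOUNTS = """\
/dev/sda3 / ext3 rw,noatime 0 0
/dev/sda5 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda6 /home ext3 rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda7 /var ext3 rw 0 0
"""

# Assumed list of places an unprivileged account can usually write to.
WRITABLE_DIRS = ["/tmp", "/var/tmp", "/dev/shm", "/home/alice"]


def parse_mounts(text):
    """Return {mount_point: set(options)} from /proc/mounts-format text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # /proc/mounts escapes spaces in paths as \040
            mounts[fields[1].replace("\\040", " ")] = set(fields[3].split(","))
    return mounts


def covering_mount(path, mounts):
    """Longest mount point that is a path-prefix of `path`."""
    best = "/"
    for mp in mounts:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if len(mp) > len(best):
                best = mp
    return best


def exec_allowed(dirs, mounts):
    """Map each directory to (mount_point, True if execution is permitted)."""
    report = {}
    for d in dirs:
        mp = covering_mount(d, mounts)
        report[d] = (mp, "noexec" not in mounts.get(mp, set()))
    return report


if __name__ == "__main__":
    for d, (mp, ok) in exec_allowed(WRITABLE_DIRS, parse_mounts(SAMPLE_MOUNTS)).items():
        print(f"{d:12} on {mp:9} exec={'yes' if ok else 'NO (noexec)'}")
```

On a live system, pass the contents of /proc/mounts to `parse_mounts` instead of the sample.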