Re: [suse-security] SuSE webserver
From: nordi (nordi addcom.de)
Date: Tue Jul 13 2004 - 16:33:19 CDT
John Richard Moser wrote:
> I don't see the need for 7 partitions, if you use journaling.
The reason for using several partitions is not that they can be checked
faster. This is done for increased security through special mount
options and to prevent local DoS attacks. But read on.
> For /tmp, use a tmpfs:
[...]
> I use a 2G tmpfs with a 2G swap and 768M physical ram.
Which will make it easy to overload your machine if you don't use quotas
+ a specifically hardened kernel. A local attacker can fill up your 2GB
of /tmp, which means your RAM is full and 1.5GB of swap in use. This is
going to be _really_ bad for your performance (=DoS). This is no concern
for your dev-box at home, but for a webserver this can be a serious
issue.
> /usr and /usr/local I'd think could be the same; if you break the
> system, you have to do a full reinstall anyway to rewrite the binaries
> even though you could keep your configuration.
I think the point behind putting /usr/local/ on a separate partition is
that you can mount /usr as read only (maybe even mount it from a remote
host if you have many boxes!). As most files are located there, yet they
hardly ever need to be changed, this is a good idea. Stuff that is
specific for this box can then be placed in /usr/local.
In addition to using several partitions, /etc, /var, /home and /tmp
should be mounted with "nodev" and "nosuid" options. /usr/local should
at least have the "nodev" option set.
nordi
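
The mount options recommended in the message above can be audited against an fstab with a short script. This is an added example, not part of the original post: the function names, the output labels and the sample fstab are constructed for illustration, and the read-only check on /usr follows the post's suggestion.

```shell
#!/bin/sh
# audit_mount_opts: read fstab-format lines on stdin and report mount
# points that lack the options recommended in the post. Prints one
# finding per line and returns 1 if anything is missing, 0 otherwise.
audit_mount_opts() {
    out=$(awk '
    function has(opts, want,   n, a, i) {
        n = split(opts, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == want) return 1
        return 0
    }
    BEGIN {
        # Policy from the post: nodev+nosuid on /etc, /var, /home, /tmp;
        # at least nodev on /usr/local; /usr mounted read-only.
        need["/etc"] = need["/var"] = need["/home"] = need["/tmp"] = "nodev,nosuid"
        need["/usr/local"] = "nodev"
        need["/usr"] = "ro"
    }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    ($2 in need) {
        seen[$2] = 1
        n = split(need[$2], w, ",")
        for (i = 1; i <= n; i++)
            if (!has($4, w[i])) print "MISSING " $2 " " w[i]
    }
    END {
        # Not a separate mount point, so the options cannot apply to it.
        for (m in need) if (!(m in seen)) print "NOMOUNT " m
    }' | LC_ALL=C sort)
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}

# Constructed sample fstab (not taken from any real host).
sample_fstab() {
    cat <<'EOF'
# device   mountpoint  fstype  options       dump pass
/dev/sda1  /           ext3    defaults      1 1
/dev/sda2  /usr        ext3    ro            1 2
/dev/sda3  /usr/local  ext3    nodev         1 2
/dev/sda5  /var        ext3    nodev,nosuid  1 2
/dev/sda6  /home       ext3    nodev         1 2
tmpfs      /tmp        tmpfs   size=2G       0 0
EOF
}

sample_fstab | audit_mount_opts || true
```

To check a live system, run `audit_mount_opts < /etc/fstab`, or feed it `/proc/mounts` to see the options actually in effect.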