trying out older (read-only, noexec, mount) security methods
James Wilkinson
fedora at westexe.demon.co.uk
Wed Nov 9 13:07:22 UTC 2005
Tim wrote:
> Are there any known, current, problems with mounting certain things as
> read-only or noexec to minimise harm? Such as making /tmp and /home
> noexec? Or /usr read-only? Or any other suggestions?
I've got /tmp mounted nodev,noexec (and should probably mount /var the
same way).
A read-only /usr sounds like more trouble than it's worth: it *will*
break yum updates. So you'll have to regularly remount it read-write
(while the system's on-line) to update the machine.
James.
--
E-mail address: james | "In these troubled times, it's always refreshing to
@westexe.demon.co.uk | see a major company concentrating on vital issues.
| It would be even more refreshing if Compaq tried it
| for once." -- The Inquirer
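
The options discussed above can be checked against what is actually mounted. The script below is an added example, not part of James's message: it reads `/proc/mounts`-format data and reports which of the thread's options (`nodev,noexec` on /tmp and /var, `noexec` on /home, `ro` on /usr) are missing. The sample entries, device names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the mount options mentioned in this thread.

# Constructed sample in /proc/mounts format (device, mount point, type, options).
sample_mounts() {
cat <<'EOF'
/dev/sda2 / ext3 rw 0 0
/dev/sda3 /usr ext3 rw,errors=remount-ro 0 0
/dev/sda5 /tmp ext3 rw 0 0
tmpfs /tmp tmpfs rw,nodev,noexec 0 0
/dev/sda6 /var ext3 rw,nodev 0 0
EOF
}

# missing_opts FILE MOUNTPOINT OPT[,OPT...]
# Prints the required options MOUNTPOINT lacks (comma-separated), nothing if
# all are set, or "not-mounted" if it has no entry of its own in FILE.
missing_opts() {
    awk -v mp="$2" -v want="$3" '
        $2 == mp { opts = $4; found = 1 }   # later entry = topmost mount, so it wins
        END {
            if (!found) { print "not-mounted"; exit }
            # Compare whole comma-separated tokens: a substring match would
            # wrongly accept "errors=remount-ro" as "ro".
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) seen[have[i]] = 1
            m = split(want, req, ",")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(req[i] in seen)) out = (out == "" ? req[i] : out "," req[i])
            if (out != "") print out
        }' "$1"
}

# audit FILE: one line per mount point; the list is the thread's, not a policy.
audit() {
    for spec in /tmp:nodev,noexec /var:nodev,noexec /home:noexec /usr:ro; do
        mp=${spec%%:*}; want=${spec#*:}
        miss=$(missing_opts "$1" "$mp" "$want")
        printf '%-6s want=%-13s missing=%s\n' "$mp" "$want" "${miss:-none}"
    done
}

# Demo on the constructed sample; on a live system run: audit /proc/mounts
tmpf=$(mktemp) && sample_mounts > "$tmpf" && audit "$tmpf"
rm -f "$tmpf"
```

A mount point reported as `not-mounted` (here /home) is not a separate filesystem, so its effective options are those of the filesystem that contains it.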