On Mon, 2004-05-31 at 15:31, Colm MacCarthaigh wrote:
> On Mon, May 31, 2004 at 03:27:53PM +0100, Barry Flanagan wrote:
> > > Unless you mount /usr via nfs, and it's exported ro from the nfs server.
> > >You can then modify the files on the nfs server using an admin host and
> > >the mount never has to be remounted.
> >
> > Thank you Dave. And in that way even if the box is rooted, no hard can
> > come to your /usr filesystem.
>> Sure it can, it can mounted over. And what if the admin box is rooted?
> fun-central! Or what if it just crashes, and so on ...
If the entire network is compromised then game over, sure. What I
contend is that by having a ro NFS mounted /usr (as well as other
sensible filesystem precautions) you are greatly reducing the chances of
that happening.
I am a great believer in multiple lines of defence, and this is surely
one of them.
--
-Barry Flanagan
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
