Re: [suse-security] SuSE webserver
| John Richard Moser wrote:
| > I don't see the need for 7 partitions, if you use journaling.
| The reason for using several partitions is not that they can be checked
| faster. This is done for increased security through special mount
| options and to prevent local DoS attacks. But read on.
| > For /tmp, use a tmpfs:
| > I use a 2G tmpfs with a 2G swap and 768M physical ram.
| Which will make it easy to overload your machine if you don't use quotas
| + a specifically hardened kernel. A local attacker can fill up your 2GB
Ok, local attacker loses his account and gets fired. Still no chance of
lamers coming in from the web server.
| of /tmp, which means your RAM is full and 1.5GB of swap in use. This is
| going to be _really_ bad for your performance (=DoS). This is no concern
| for your dev-box at home, but for a webserver this can be a serious
| > /usr and /usr/local I'd think could be the same; if you break the
| > system, you have to do a full reinstall anyway to rewrite the binaries
| > even though you could keep your configuration.
| I think the point behind putting /usr/local/ on a separate partition is
| that you can mount /usr as read only (maybe even mount it from a remote
| host if you have many boxes!). As most files are located there, yet they
| hardly ever need to be changed, this is a good idea. Stuff that is
| specific for this box can then be placed in /usr/local.
| In addition to using several partitions, /etc, /var, /home and /tmp
| should be mounted with "nodev" and "nosuid" options. /usr/local should
| at least have the "nodev" option set.
Thanks for the clarification. I'm mostly into things like PaX and stack
smash protection, proper coding, and a little access control. The whole
nosuid-nodev thing I tend to overlook, as I'd expect SELinux or RSBAC to
be used for that, or for mknod() or chmod()+s to just be denied to
non-root users. I also use journaled filesystems (reiserfs), and think
that a filesystem should be seen as 'clean' if it came down when there
was nothing to be flushed to it and no files open.
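As an added example (not part of the list message), the following POSIX sh script checks an fstab-style table against the layout the quoted reply recommends: nodev and nosuid on /etc, /var, /home and /tmp, nodev on /usr/local, and /usr read-only. The sample fstab is constructed; mount points and devices in it are assumptions.

```shell
#!/bin/sh
# Added example (not from the list message): audit an fstab-style table for the
# mount options recommended in the quoted reply. The sample table at the bottom
# is constructed for the demonstration.

# required_opts MOUNTPOINT -> prints the options the reply recommends for it
required_opts() {
  case "$1" in
    /etc|/var|/home|/tmp) echo "nodev nosuid" ;;
    /usr/local)           echo "nodev" ;;
    /usr)                 echo "ro" ;;   # mount /usr read-only, as suggested
    *)                    echo "" ;;
  esac
}

# check_fstab reads fstab lines on stdin and prints one line per mount point
# that lacks a recommended option, as "<mountpoint> missing <option>".
# Returns 1 if anything is missing, 0 if every listed mount point is fine.
check_fstab() {
  status=0
  while read -r dev mnt fstype opts rest; do
    case "$dev" in ''|\#*) continue ;; esac   # skip blank and comment lines
    for want in $(required_opts "$mnt"); do
      case ",$opts," in
        *,"$want",*) ;;                        # option present
        *) echo "$mnt missing $want"; status=1 ;;
      esac
    done
  done
  return $status
}

# Constructed sample: /usr/local and the 2G tmpfs /tmp lack options, /var is ok.
SAMPLE_FSTAB='/dev/sda1 / ext3 defaults 1 1
/dev/sda2 /usr reiserfs ro 1 2
/dev/sda3 /usr/local reiserfs defaults 1 2
/dev/sda4 /var reiserfs defaults,nodev,nosuid 1 2
tmpfs /tmp tmpfs size=2g 0 0'

# Run stand-alone: prints the missing options for /usr/local and /tmp.
printf '%s\n' "$SAMPLE_FSTAB" | check_fstab
```

On a live system the same function can read /etc/fstab or /proc/mounts instead of the constructed sample.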