[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE webserver

To: nordi <nordi@xxxxxxxxx>
Subject: Re: [suse-security] SuSE webserver
From: John Richard Moser <nigelenki@xxxxxxxxxxx>
Date: Tue, 13 Jul 2004 17:40:04 -0400
Cc: suse-security@xxxxxxxx
Delivered-to: mailing list suse-security@xxxxxxxx
In-reply-to: <40F4551F.2010706@xxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <ICELJOHAGNAFJPFMMBKOMENACMAA.thomas.knight@xxxxxxxxxx> <40F43D32.3070201@xxxxxxxxxxx> <40F4551F.2010706@xxxxxxxxx>
User-agent: Mozilla Thunderbird 0.7.1 (X11/20040630)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



nordi wrote:
| John Richard Moser wrote:
|  > I don't see the need for 7 partitions, if you use journaling.
| The reason for using several partitions is not that they can be checked
| faster. This is done for increased security through special mount
| options and to prevent local DoS attacks. But read on.
|
|  > For /tmp, use a tmpfs:
| [...]
|  > I use a 2G tmpfs with a 2G swap and 768M physical ram.
| Which will make it easy to overload your machine if you don't use quotas
| + a specifically hardened kernel. A local attacker can fill up your 2GB

Ok local attacker loses his account and gets fired.  Still no chance of
lamers coming in from the web server.

| of /tmp, which means your RAM is full and 1.5GB of swap in use. This is
| going to be _really_ bad for your perfomance (=DoS). This is no concern
| for your dev-box at home, but for a webserver this is can be a serious
| issue.
|
|  > /usr and /usr/local I'd think could be the same; if you break the
|  > system, you have to do a full reinstall anyway to rewrite the binaries
|  > even though you could keep your configuration.
|
| I think the point behind putting /usr/local/ on a seperate partition is
| that you can mount /usr as read only (maybe even mount it from a remote
| host if you have many boxes!). As most files are located there, yet they
| hardly ever need to be changed, this is a good idea. Stuff that is
| specific for this box can then be placed in /usr/local.

Ahh, neat.

|
| In addition to using several partitions, /etc, /var, /home and /tmp
| should be mounted with "nodev" and "nosuid" options. /usr/local should
| at least have the "nodev" option set
|

Yeah, nice.

| nordi
|
|

Thanks for the clarification.  I'm mostly into things like PaX and stack
smash protection, proper coding, and a little access control.  The whole
nosuid-nodev thing I tend to overlook, as I'd expect SELinux or RSBAC to
be used for that, or for mknod() or chmod()+s to just be denied to
non-root users.  I also use journaled filesystems (reiserfs), and think
that a filesystem should be seen as 'clean' if it came down when there
was nothing to be flushed to it and no files open.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA9FazhDd4aOud5P8RAmUNAJ44/FLjqNQo/x8oyZqPHXYdZPMVCgCfY9cO
5wXKHrQapnWB6Rs/qYCF7SU=
=lsOO
-----END PGP SIGNATURE-----

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] SuSE webserver
  - From: nordi

References:
- RE: [suse-security] SuSE webserver
  - From: Tom Knight
- Re: [suse-security] SuSE webserver
  - From: John Richard Moser
- Re: [suse-security] SuSE webserver
  - From: nordi

Prev by Date: Re: [suse-security] SuSE webserver
Next by Date: Re: [suse-security] SuSE webserver
Previous by thread: Re: [suse-security] SuSE webserver
Next by thread: Re: [suse-security] SuSE webserver
Index(es):
- Date
- Thread