[ILUG] History of /etc ?
Barry Flanagan
barryf-lists at flanagan.ie
Mon May 31 15:47:14 IST 2004
On Mon, 2004-05-31 at 15:31, Colm MacCarthaigh wrote:
> On Mon, May 31, 2004 at 03:27:53PM +0100, Barry Flanagan wrote:
> > > Unless you mount /usr via nfs, and it's exported ro from the nfs server.
> > >You can then modify the files on the nfs server using an admin host and
> > >the mount never has to be remounted.
> >
> > Thank you Dave. And in that way even if the box is rooted, no hard can
> > come to your /usr filesystem.
>
> Sure it can, it can mounted over. And what if the admin box is rooted?
> fun-central! Or what if it just crashes, and so on ...
If the entire network is compromised then game over, sure. What I
contend is that by having a ro NFS mounted /usr (as well as other
sensible filesystem precautions) you are greatly reducing the chances of
that happening.
I am a great believer in multiple lines of defence, and this is surely
one of them.
--
-Barry Flanagan
More information about the ILUG
mailing list