From: "A. Hamilton-Wright"
To: freebsd-questions@freebsd.org
Date: Fri, 13 Jun 2008 14:47:00 -0300 (ADT)
Subject: Running with a readonly root partition
User-Agent: Alpine 1.10 (BSF 962 2008-03-14)

As devfs is running by default, it seems to me that it would be relatively easy to run with a read-only root partition, assuming that the directories under which writing is necessary (i.e. /tmp, /var, /home) are located in separate, writable partitions. The main advantages are that none of the configuration files or binaries in /etc and /usr (which may still be on a separate read-only partition) are vulnerable to attack (even from a local privilege escalation) without remounting the partition as writable. This used to be a very common setup in the *NIX world, so I am surprised to find little to no mention of it in the archives.
I set up my machine this way a couple of months back, and have noticed some minor things (a few things assume a writable /etc, notably including dump(8), and the boot process update to /etc/motd). Once these have been rectified by relocating the files and setting up symlinks, there have been no problems.

My questions are:
- does anyone else do this?
- if not, why not?
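A small check for the layout described in this post, added here as an example and not part of the original message: it parses an fstab (a constructed sample is embedded below) and reports whether / is mounted read-only and whether /tmp, /var and /home are separate writable filesystems. Only sh and awk are assumed; the device names are placeholders.

```shell
#!/bin/sh
# Audit a FreeBSD-style fstab for a read-only root layout: / mounted ro,
# with /tmp, /var and /home each on a separate rw filesystem.
# SAMPLE_FSTAB is constructed for this example; the devices are placeholders.
SAMPLE_FSTAB='# Device        Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0s1a     /           ufs     ro       1     1
/dev/ad0s1b     none        swap    sw       0     0
/dev/ad0s1d     /var        ufs     rw       2     2
/dev/ad0s1e     /tmp        ufs     rw       2     2
/dev/ad0s1f     /usr        ufs     ro       2     2
/dev/ad0s1g     /home       ufs     rw       2     2'

# mount_opts FSTAB MOUNTPOINT: print the options field for MOUNTPOINT,
# or nothing when MOUNTPOINT is not a separate filesystem in FSTAB.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '!/^#/ && $2 == mp { print $4 }'
}

# has_opt OPTIONS OPT: succeed when OPT appears in the comma-separated list.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_layout FSTAB: print "ok" when root is ro and /tmp, /var and /home
# are separate rw filesystems; otherwise print the first problem and fail.
check_layout() {
    fstab=$1
    root_opts=$(mount_opts "$fstab" /)
    if ! has_opt "$root_opts" ro; then
        echo "root is not read-only (options: ${root_opts:-none})"
        return 1
    fi
    for mp in /tmp /var /home; do
        opts=$(mount_opts "$fstab" "$mp")
        if [ -z "$opts" ]; then
            echo "$mp is not a separate filesystem (lives on read-only root)"
            return 1
        fi
        if ! has_opt "$opts" rw; then
            echo "$mp is not writable (options: $opts)"
            return 1
        fi
    done
    echo ok
}

check_layout "$SAMPLE_FSTAB"
```

Point check_layout at the contents of a live /etc/fstab (for example `check_layout "$(cat /etc/fstab)"`) to verify a machine before relying on the read-only root for protection.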