From owner-freebsd-security  Mon Sep 28 01:47:15 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA00244
          for freebsd-security-outgoing; Mon, 28 Sep 1998 01:47:15 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from beatrice.rutgers.edu (beatrice.rutgers.edu [165.230.209.143])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA00239
          for <freebsd-security@freebsd.org>; Mon, 28 Sep 1998 01:47:12 -0700 (PDT)
          (envelope-from easmith@beatrice.rutgers.edu)
Received: (from easmith@localhost) by beatrice.rutgers.edu (980427.SGI.8.8.8/970903.SGI.AUTOCF) id EAA14013; Mon, 28 Sep 1998 04:42:03 -0400 (EDT)
From: "Allen Smith" <easmith@beatrice.rutgers.edu>
Message-Id: <9809280442.ZM14011@beatrice.rutgers.edu>
Date: Mon, 28 Sep 1998 04:42:02 -0400
In-Reply-To: Anton Voronin <anton@urc.ac.ru> "Re: Booting from NT ?" (Sep 28,  4:39am)
References: <199809262242.PAA24523@usr04.primenet.com> 
	<9809280220.ZM6404@beatrice.rutgers.edu> 
	<360F4A82.2A2E8157@urc.ac.ru>
X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail)
To: Anton Voronin <anton@urc.ac.ru>, freebsd-security@FreeBSD.ORG
Subject: Re: Booting from NT ?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sep 28,  4:39am, Anton Voronin (possibly) wrote:
> Allen Smith wrote:
> 
> > Question... what does happen if one has a R/O root filesystem,
> > including /dev, without DEVFS? I'm constructing a firewall computer
> > with a (switchable - a nice facility of some Seagate drives) hard
> > drive for root, a second writeable drive for /var and swap, and a /tmp
> > MFS. What problems am I likely to run into with /dev? I'd really
> > prefer not to have it as a symlink to /var/dev or some such...
> 
> It needs to write /dev/console but it does this before mounting according to
> fstab. If you protect your hard drive it probably won't work. Try to just
> mount it with -ro option.

Sorry, that would defeat the purpose - if somebody gets root on the
machine, they can override that. If it's _physically_ read-only, they
can't. If need be, I'll do something like moving /dev/console to
/var/dev/console and putting in a symlink - thanks for the
information.

	-Allen

-- 
Allen Smith				easmith@beatrice.rutgers.edu
	

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message