From owner-freebsd-security Mon Sep 28 14:48:19 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA02996 for freebsd-security-outgoing; Mon, 28 Sep 1998 14:48:19 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from smtp03.primenet.com (smtp03.primenet.com [206.165.6.133]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA02990; Mon, 28 Sep 1998 14:48:15 -0700 (PDT) (envelope-from tlambert@usr04.primenet.com) Received: (from daemon@localhost) by smtp03.primenet.com (8.8.8/8.8.8) id OAA27768; Mon, 28 Sep 1998 14:47:59 -0700 (MST) Received: from usr04.primenet.com(206.165.6.204) via SMTP by smtp03.primenet.com, id smtpd027678; Mon Sep 28 14:47:49 1998 Received: (from tlambert@localhost) by usr04.primenet.com (8.8.5/8.8.5) id OAA07076; Mon, 28 Sep 1998 14:47:44 -0700 (MST) From: Terry Lambert Message-Id: <199809282147.OAA07076@usr04.primenet.com> Subject: Re: Booting from NT ? To: easmith@beatrice.rutgers.edu (Allen Smith) Date: Mon, 28 Sep 1998 21:47:44 +0000 (GMT) Cc: tlambert@primenet.com, security@FreeBSD.ORG, hackers@FreeBSD.ORG In-Reply-To: <9809280220.ZM6404@beatrice.rutgers.edu> from "Allen Smith" at Sep 28, 98 02:20:33 am X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > The minimal modification is an MFS /var, mounted early, and a symlink > > from /tmp -> /var/tmp, yes. > > > > Having a DEVFS (with SLICE) also helps... one less thing to deal > > with not being R/O. > > Question... what does happen if one has a R/O root filesystem, > including /dev, without DEVFS? I'm constructing a firewall computer > with a (switchable - a nice facility of some Seagate drives) hard > drive for root, a second writeable drive for /var and swap, and a /tmp > MFS. What problems am I likely to run into with /dev? I'd really > prefer not to have it as a symlink to /var/dev or some such... It works. For a bastion host, there's really no reason to have it writeable anyway... Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message