Date: Fri, 13 Jul 2001 12:25:00 +0100
From: Paul Robinson <paul@akita.co.uk>
To: Bart Silverstrim <bsilver@sosbbs.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: gcc on production server
Message-ID: <20010713122500.A23202@jake.akitanet.co.uk>
In-Reply-To: <007c01c10b14$5462d820$0100a8c0@sosbbs.com>; from bsilver@sosbbs.com on Thu, Jul 12, 2001 at 04:50:45PM -0400
References: <20010711170336.B84178@krijt.livens.net> <20010711123133.A21587@pitr.tuxinternet.com> <20010712123523.G53408@jake.akitanet.co.uk> <007c01c10b14$5462d820$0100a8c0@sosbbs.com>
On Jul 12, Bart Silverstrim <bsilver@sosbbs.com> wrote:
> Why not use two drives, one read only with the OS on it, one with multiple
> partitions to mount to /var and /tmp, <swap>, /home...stuff like that...or
> some variation of that theme?

Because I'm not sure that enhances security in any way. There are lots of problems here, not least that if somebody finds a hole in your ftpd or whatever, you are going to have to go into serious downtime to patch it. Whereas a rw disk can be patched in seconds. Not only that, but you're completely forgetting the ro jumper is really only a software lock.

Oh yeah, and if you're an ISP with 40 1u rack servers in a cabinet, you're already moving into the world of problems with heat dissipation, you don't want to be sticking in extra drives that could potentially be adding an extra $10,000 in hardware costs to your setup.

I really think the right approach that should be considered from a security point of view, is that of TrustedBSD. The intention of what you are attempting to achieve is good, but there are better and more manageable ways of achieving the same result.

> I toyed with the idea of trying to make bootable CD's for the key system
> files and such before, should work in a similar manner to what is basically
> described above (although performance from the read operations would be
> terrible) if I actually had the time and extra hardware to dedicate to
> making system laid out to create a "image" and make a slave drive on another
> system with a CD-R drive :-) Gotta admit, that would make it terribly
> difficult to crack into and lay trojaned system binaries...

I looked to do this a while back, not for reasons of security, but because it meant I could 'upgrade' a box by sending out a new CD to the customer site and asking them to change it. It's actually relatively easy, once you get your head around mkisofs. ;-)

But like I say, this is not something I would personally encourage you to do because you believe it to be securing something.

--
Paul Robinson                    ,---------------------------------------
Technical Director @ Akita       | A computer lets you make more mistakes
PO Box 604, Manchester, M60 3PR  | than any other invention with the
T: +44 (0) 161 228 6388 (F:6389) | possible exceptions of handguns and
                                 | Tequila - Mitch Ratcliffe
                                 `-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010713122500.A23202>