Maarten wrote:
> Okay, can we stop with the flamefest, already ?

Certainly.

> Alexander Skwar wrote:
>> Hemmann, Volker Armin wrote:
>>>On Thursday 16 February 2006 20:40, Alexander Skwar wrote:
>>>>Hemmann, Volker Armin wrote:
>>>>>On Thursday 16 February 2006 17:18, Alexander Skwar wrote:
>>>>>>Hemmann, Volker Armin wrote:
>>>>>>>On Thursday 16 February 2006 15:45, Alexander Skwar wrote:
>
>
>>>>Wrong again. If tmp is the only place somebody can write, then
>>>>it might save you (and it DID save my ass more than once now).
>>>
>>>since /tmp is not the only place where someone can write (/var/tmp anyone?)
>
> Several more indeed. Find comes to the rescue:
>
> 12087 0 drwxrwxrwt 2 root root 40 Jan 10 22:40 /dev/shm
> 252744 0 drwxrwxrwt 2 root root 72 Apr 20 2005 /var/spool/samba
>
> Yes, I CAN make files there, as a regular user.

Yep, but you have to find those places. If you cannot execute
programs, that will be hard. With /tmp, an attacker knows that
he can write there. Granted, /dev/shm is also a rather common
place that allows everyone to write to.

>>>yes really, you have to remount /usr every time you update something.
>>
>> Jaja. You know, your exaggerations become boring...
>
> Well, no. It is correct. How do you expect to install something when /usr is
> mounted RO ?

Well, you know, his arguments aren't /totally/ wrong. I already
said that they are true, in a sense - but I also said that he's
exaggerating very much. Quite obviously, there's no way to write
to /usr if it is mounted read only. What I disagree with is
his notion that a "mount -o remount,rw /usr" is a lot of
work. I also don't disagree that it IS extra work. I'm just
saying that it's not MUCH extra work.

Alexander Skwar
-- 
(German philosopher) Georg Wilhelm Hegel, on his deathbed, complained,
"Only one man ever understood me." He fell silent for a while and then added,
"And he didn't understand me."
-- 
gentoo-user@gentoo.org mailing list
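
The thread's argument is that a noexec /tmp only helps if the other world-writable directories (/var/tmp, /dev/shm, /var/spool/samba) are covered as well. The sketch below is an added example, not code from any poster in the thread: it lists world-writable directories and reports whether the filesystem holding each one is mounted noexec. The function names mount_opts and audit_writable are hypothetical, and a Linux /proc/mounts-style table is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the Linux /proc/mounts layout:
#   <device> <mountpoint> <fstype> <options> <dump> <pass>
# Mount points containing spaces (escaped as \040 there) are not handled.

# mount_opts PATH [MOUNTS_FILE]
# Print the options of the longest mount point that contains PATH.
mount_opts() {
    awk -v p="$1" '
        BEGIN { best = -1 }
        {
            mp = $2
            # Match "/", the mount point itself, or a prefix that ends on a
            # directory boundary (so /tmp does not match /tmpfoo).
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later mount on the same point shadow an earlier one.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# audit_writable ROOT [MOUNTS_FILE]
# For every world-writable directory under ROOT (same filesystem only),
# print "noexec <path>" or "EXEC   <path>".
audit_writable() {
    find "$1" -xdev -type d -perm -0002 2>/dev/null |
    while IFS= read -r dir; do
        case ",$(mount_opts "$dir" "$2")," in
            *,noexec,*) echo "noexec $dir" ;;
            *)          echo "EXEC   $dir" ;;
        esac
    done
}

# Usage: audit_writable /    (repeat per filesystem, since -xdev stays on one)
```

Every line marked EXEC is a place where a regular user can both create and run a file, which is the gap the posters are pointing at when only /tmp is mounted noexec.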