Dirk Heinrichs wrote:
> On Saturday, 9 May 2009 14:46:39, Dale wrote:
>
>> Wasn't there a security reason for this setup at one time? If you put
>> /boot on a separate partition, then the only time it needed to be
>> mounted was to update the kernel or edit grub/lilo. That was what I was
>> reading when I installed Gentoo oh so many ages ago.
>>
>> Is this still true?
>
> Of course, it needs to be mounted rw for the few seconds needed to discover
> the LVs, ask the user for the passphrase and create the dmcrypt mapping.
> Then it's unmounted again and remounted ro during normal system boot. I
> don't consider this a security problem. If it was, I could also stop using
> Linux altogether, since there are also other filesystems on my system which
> need to be mounted rw if the system should do something useful.
>
> Bye...
>
> Dirk

I was talking about with just a plain file system. I read in an install guide somewhere when I was installing ages ago that having /boot on a separate partition, and not always mounted, was a good security practice. That way no one could alter the kernel since it was not mounted. I do agree that if a person was on the system and able to get root access, they could then mount the /boot partition as well.

I never was really sure why this was thought to work. I used a separate /boot because for a while I was dual booting Mandrake and Gentoo. Old habit now I guess.

Dale

:-) :-)