Neil Bothwick wrote:
> On Sat, 09 May 2009 08:15:09 -0500, Dale wrote:
>
>> I was talking about with just a plain file system.  I read in an install
>> guide somewhere when I was installing ages ago that having /boot on a
>> separate partition, and not always mounted, was a good security
>> practice.  That way no one could alter the kernel since it was not
>> mounted. 
>
> That's a bit of a red herring IMO. If anyone can alter your kernel they
> can mount the filesystem. The argument about protecting the kernel from
> corruption is similarly spurious, since you always have a spare copy
> in /usr/src/linux anyway. The main reason for doing this was because some
> BIOSes could work past cylinder 1024 of a drive, so you needed to ensure
> the kernel was on a filesystem fully within that area.
>
> If it were a security issue, then the Gentoo handbook would have
> recommended this practice for all architectures, not just x86-based ones.

Those were my thoughts as well.  You have to be root to get to the kernel
and alter/copy it and if you are root, you can mount it anyway.  No real
point.

I do get the old BIOSes though.  That was an issue for a good while.

Dale

:-)  :-) 
