hi... do you have some kind of installation/setup manual? that would be really interesting to see your steps, and try that myself.
I have some questions too: - how do you handle updates/ installation of new software? - how do you prevent someone who hacked the machine to remount '/' as writable - how do users update theirs passwords when '/etc' is read-only? greetz olli Am Freitag, den 13.06.2008, 14:47 -0300 schrieb A. Hamilton-Wright: > As devfs is running by default, it seems to me that > it would be relatively easy to run with a readonly > root partition, assuming that the directories under > which writing is necessary (ie; /tmp, /var, /home) > are located in separate, writable partitions. > > The main advantages are that none of the configuration > files or binaries in /etc and /usr (which may still > be on a separate readonly partition) are vulnerable > to attack (even from a local privilege escalation) > without remounting the partition as writable. > > This used to be a very common setup in the *NIX > world, so I am surprised to find little to no mention > of it in the archives. > > I set up my machine this way a couple of months back, > and have noticed some minor things (some few things > assume a writable /etc, notably including dump(8), > and the boot process update to /etc/motd). Once these > have been rectified by relocating the files and setting > up symlinks, there have been no problems. > > My questions are: > - does anyone else do this? > - if not, why not? > > _______________________________________________ > email@example.com mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"