hi Robin,

> Due to bad design of some system programs
> you need / to be mounted rw at boot :-(.
> It should be possible to later remount / as ro, but you certainly can't
> do it at boot.

ok, didn't know that.

> If you are certain you aren't going to run anything that puts suid code
> in /var, then add nosuid there.

how can I determine if there is suid code put into /var?

> qmail, vpopmail and a few other programs do put suid code in /var, so I
> don't suggest it by default.

is there a way to configure them to some other behaviour?

> The noexec on /tmp will save you from a LOT of trouble, as the great
> majority of rootkits try to run from there. On the other hand, it will
> break some scripts (the livecd creation script for eg), so YMMV.

understood. thx!

> For security, i'd suggest you take a look at the Gentoo SELinux stuff.

is already running! ;-)

regards
/Christian
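As an added example that is not part of the original thread: POSIX shell helpers that list setuid/setgid files under a directory such as /var and check whether a mountpoint already carries nosuid or noexec. The function names are hypothetical, and the mounts table is assumed to be in /proc/mounts format.

```shell
#!/bin/sh
# Added example: audit helpers for the nosuid/noexec decisions discussed above.
# Function names are hypothetical; nothing here comes from the thread itself.

# List regular files under DIR that carry the setuid or setgid bit.
# -xdev keeps the scan on one filesystem, matching a per-mount decision.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Succeed if MOUNTPOINT is mounted with OPTION according to a mounts table
# in /proc/mounts format (device mountpoint fstype options dump pass).
# When a mountpoint is listed more than once, the last entry wins.
# Exit status: 0 option present, 1 option absent, 2 mountpoint not listed.
mount_has_opt() {
    mp=$1 opt=$2 table=${3:-/proc/mounts}
    awk -v mp="$mp" -v opt="$opt" '
        $2 == mp { opts = $4; seen = 1 }
        END {
            if (!seen) exit 2
            n = split(opts, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == opt) exit 0
            exit 1
        }' "$table"
}

# Report whether DIR could take nosuid without disabling anything in it.
# Returns 1 when setuid/setgid files are present.
audit_nosuid() {
    hits=$(find_setid "$1")
    if [ -z "$hits" ]; then
        echo "$1: no setuid/setgid files found, nosuid looks safe"
    else
        echo "$1: setuid/setgid files present, nosuid would disable them:"
        echo "$hits" | sed 's/^/  /'
        return 1
    fi
}
```

Run `audit_nosuid /var` as root so unreadable directories are not skipped, and repeat it after installing packages, since a later install can add setuid files.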
