No subject


Tue Nov 29 10:43:08 WST 2011


partitions per disk makes the system more secure?  I honestly can't
think of one.

Andrew has suggested one reason why separate partitions (or even new
physical disks: there isn't any difference) are more secure.  Clearly
from an integrity perspective if you can mount a filesystem like /usr
read-only then for an attacker to replace the system binaries on here
they need to kill off all the processes using /usr (hard to do without
being noticed) then unmount it and re-mount it read-write.  Presumably
then they have to repeat the process and re-mount it read-only otherwise
the change probably will be noticed.

However, the security issue I immediately thought of was more
availability-oriented.  If you divide up your system into separate
filesystems then you can set user quotas on each of these filesystems
and it gives you much more control over managing allocation of disk
space to ordinary users.

These aren't enormous security advantages but they don't hurt.  And I
still can't think of any security advantages to having a single
partition.  Maybe you should ask them to provide an explanation of this?

-- 
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066  7267 8BED E9D6 0EC1 D28C
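
An added example, not part of the original message: a check for the read-only /usr arrangement described above, which reports whether the filesystem holding a given path is currently mounted `ro` or `rw`, so a re-mount to read-write shows up. The function names (`mount_mode`, `sample_mounts`, `sample_mounts_tampered`) and the sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# mount_mode MOUNTS_FILE PATH
# Prints "ro" or "rw" for the filesystem holding PATH, given a file in
# /proc/mounts format: device mountpoint fstype options dump pass.
# Limitation: mount points containing spaces appear as \040 in /proc/mounts
# and are not decoded here.
mount_mode() {
    awk -v target="$2" '
    {
        mp = $2
        # A mount point covers the target if it is the target itself, the
        # root, or a parent directory of the target.
        covers = (mp == target || mp == "/" || index(target, mp "/") == 1)
        # Longest mount point wins. On a tie the later line wins, because a
        # later mount on the same directory hides the earlier one.
        if (covers && length(mp) >= best) {
            best = length(mp)
            mode = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") mode = "ro"
        }
    }
    END { if (best == 0) exit 1; print mode }
    ' "$1"
}

# Constructed sample mount table (not taken from a real host): /usr is a
# separate read-only filesystem and /home carries user quotas.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,nodev,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,usrquota 0 0
EOF
}

# Same table after /usr has been re-mounted read-write (constructed).
sample_mounts_tampered() {
    sample_mounts | sed 's|^\(/dev/sda2 /usr ext4 \)ro,|\1rw,|'
}

# With a path argument, report the live state, e.g.: sh check_ro.sh /usr
if [ "$#" -gt 0 ] && [ -r /proc/mounts ]; then
    mount_mode /proc/mounts "$1"
fi
```

Passing `-` as the file name reads the table from standard input, so `sample_mounts | mount_mode - /usr/bin/ls` exercises the check without touching the live system.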


