Life in an insecure world
Martin Langhoff
martin.langhoff at gmail.com
Mon Feb 9 18:07:52 EST 2009
On Tue, Feb 10, 2009 at 11:31 AM, C. Scott Ananian <cscott at laptop.org> wrote:
>> Do you mean having it on a separate partition? How do you decide space
>> dedicated to the partition?
>
> No, you can bind-mount subtrees read-only.

But then, it still has to reside somewhere in the / filesystem. And
that somewhere will get nuked...

Am I missing some cunning step? My stupid test seems to indicate that
a simple mount won't protect us...

$ sudo mkdir -p /secret/path/to/versions
$ sudo touch /secret/path/to/versions/afile
$ sudo mkdir /versions
$ sudo mount -o ro,bind /secret/path/to/versions /versions
$ ls /versions
afile
$ sudo rm -fr /secret
$ ls /versions
$ uname -a
Linux martin-onyx 2.6.27-11-generic #1 SMP Thu Jan 15 11:03:58 UTC 2009 i686 GNU/Linux
m
--
martin.langhoff at gmail.com
martin at laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
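
Added example, not part of the original message: a check for the situation the test above shows, where a read-only bind mount's contents stay reachable (and deletable) through a read-write mount of the same filesystem. The mountinfo lines, device numbers and filesystem type are constructed for illustration; the function names are hypothetical.

```python
import posixpath

# Constructed /proc/self/mountinfo lines modelling the session above
# (assumed device numbers and filesystem; not captured output).
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime - ext3 /dev/sda1 rw,errors=remount-ro
23 22 0:3 / /proc rw,nosuid - proc proc rw
40 22 8:1 /secret/path/to/versions /versions ro,relatime - ext3 /dev/sda1 rw,errors=remount-ro
41 22 8:2 / /srv ro,relatime - ext3 /dev/sda2 ro
"""

def parse_mountinfo(text):
    """Parse mountinfo lines (field layout per proc(5)) into dicts."""
    mounts = []
    for line in filter(str.strip, text.splitlines()):
        left, _, right = line.partition(" - ")  # optional fields end at " - "
        f, r = left.split(), right.split()
        mounts.append({"dev": f[2], "root": f[3], "point": f[4],
                       "opts": set(f[5].split(",")),    # per-mount flags
                       "super": set(r[2].split(","))})  # superblock flags
    return mounts

def is_under(path, parent):
    return parent == "/" or path == parent or path.startswith(parent + "/")

def writable_aliases(mounts):
    """Return (ro_mount_point, rw_path) pairs where the tree behind a
    read-only mount is also exposed through a read-write mount."""
    findings = []
    for ro in mounts:
        if "ro" not in ro["opts"]:
            continue
        for other in mounts:
            if other is ro or other["dev"] != ro["dev"]:
                continue
            if "rw" not in other["opts"] or "rw" not in other["super"]:
                continue
            if is_under(ro["root"], other["root"]):
                rel = posixpath.relpath(ro["root"], other["root"])
                alias = posixpath.normpath(posixpath.join(other["point"], rel))
                findings.append((ro["point"], alias))
    return findings

if __name__ == "__main__":
    for ro_point, rw_path in writable_aliases(parse_mountinfo(SAMPLE_MOUNTINFO)):
        print(f"{ro_point} is read-only, but its contents are writable via {rw_path}")
```

The sketch does not decode octal escapes in mount paths and does not account for another mount stacked on top of the read-write path.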