FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 03-08-2012, 01:07 PM
Stayvoid
 
Default Securing Debian Manual: 4.9 Mounting partitions the right way

Hello.

"This sounds great, but it: only applies to ext2 or ext3 file systems…" [1]
What about ext4 (and others)?

[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html

Cheers


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAK5fS_HDs3gNMSkX1hF0cACXh7uoEArS2R_c+y3h-=mPGCN-sw@mail.gmail.com">http://lists.debian.org/CAK5fS_HDs3gNMSkX1hF0cACXh7uoEArS2R_c+y3h-=mPGCN-sw@mail.gmail.com
 
Old 03-08-2012, 10:39 PM
Andrei POPESCU
 
Default Securing Debian Manual: 4.9 Mounting partitions the right way

On Jo, 08 mar 12, 17:07:21, Stayvoid wrote:
> Hello.
>
> "This sounds great, but it: only applies to ext2 or ext3 file systems…" [1]
> What about ext4 (and others)?

You may safely assume ext4 includes any features that ext2 and ext3
include.

Kind regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
Old 03-09-2012, 02:41 PM
Kelly Clowers
 
Default Securing Debian Manual: 4.9 Mounting partitions the right way

On Thu, Mar 8, 2012 at 15:39, Andrei POPESCU <andreimpopescu@gmail.com> wrote:
> On Jo, 08 mar 12, 17:07:21, Stayvoid wrote:
>> Hello.
>>
>> "This sounds great, but it: only applies to ext2 or ext3 file systems…" [1]
>> What about ext4 (and others)?
>
> You may safely assume ext4 includes any features that ext2 and ext3
> include.
>

nosuid, nodev, etc can be applied to at least xfs, jfs, reiserfs/reiser4, btrfs
and probably others. Ntfs, fat32, hfs, etc maybe, maybe not. Those flags
are probably implemented largely in the vfs layer.

Ah, yes, from Linux 3.1, /include/linux/fs.h:

/*
* These are the fs-independent mount-flags: up to 32 flags are supported
*/
#define MS_RDONLY 1 /* Mount read-only */
#define MS_NOSUID 2 /* Ignore suid and sgid bits */
#define MS_NODEV 4 /* Disallow access to device special files */
#define MS_NOEXEC 8 /* Disallow program execution */
....

Not really sure why it says it is ext* only.
Also worth noting: as we move to a cleaned up FS with /run and
/tmp a tmpfs by default, it might be easier to make /var and /tmp
noexec... var especially doesn't seem to me to have any business
having executable files.


Cheers,
Kelly Clowers


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAFoWM=9yjCafGb94HstMj1GjxpxY25bkRpHAv33X782tiOqWi g@mail.gmail.com">http://lists.debian.org/CAFoWM=9yjCafGb94HstMj1GjxpxY25bkRpHAv33X782tiOqWi g@mail.gmail.com
 

Thread Tools




All times are GMT. The time now is 05:12 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org