
System partitions and security

For a long time (too long if you ask me), people have been preaching that partitioning was good for security.

The "filesystem full" argument

' If I use a separate partition for /var/log, when the log gets full it will not DoS my machine '

Two problems here:

  • The log should never get full: use logrotate, backup old logs and remove them from the working system. Review your logs regularly!!!
  • If the log directory does get full, there are two more problems:
    • programs will start crashing because they can't log anymore and they didn't expect that to happen,
    • it is very dangerous to run without keeping traces (a smart attacker may create a lot of fake noise in order to fill up your logs, prompting the system to stop logging, before carrying out the real attack, which will then go unrecorded for lack of logs).

Conclusion: creating a separate partition for /var/log is a false sense of security.

The "mount option" argument

' I can mount /tmp with nosuid option and /usr with ro (read-only) option. '

Mounting /tmp with nosuid is hardly a security enhancement. The only suid files that are really interesting are suid-root files. To create such a file you need to be root. If you are root already (using an exploit payload or with a root shell) you can very well remount /tmp without the nosuid option...

Mounting /usr with ro option is exactly the same false sense of security. To write in /usr you need to be root to start with, and if you already are, you can remount it without the restriction.

If you truly want to prevent unauthorized users (including an attacker who succeeded in getting a root shell on your system) from writing to /usr, consider using the excellent RSBAC, a Linux implementation of Trusted Operating Systems security policies. Obviously RSBAC allows you to do a great deal more than just that.
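As an added example (not from the original post), here is a small POSIX sh audit that parses a mount table in /proc/mounts format and reports mount points whose expected options (ro, nosuid, ...) are absent; the sample table and the policy are constructed, and the script never touches the real system. It shows the defender's side of the point above: since root can simply remount /tmp or /usr without the restriction, a mount option is only worth anything if something notices when it disappears.

```shell
#!/bin/sh
# Added example: audit mount options against a policy.
# Constructed mount table in /proc/mounts format (not from a real system).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /usr ext3 rw,relatime 0 0
/dev/sda3 /tmp ext3 rw,nodev 0 0
/dev/sda4 /home ext3 rw,nosuid,nodev 0 0'

# Hypothetical policy: one "MOUNTPOINT OPTION" pair per line.
POLICY='/usr ro
/tmp nosuid
/tmp nodev
/home nosuid
/srv nosuid'

# mount_status MOUNT_TABLE MOUNTPOINT OPTION
# Prints OK if MOUNTPOINT is mounted with OPTION, MISSING if it is mounted
# without it, NOT_MOUNTED if MOUNTPOINT is not a mount point at all (i.e. it
# lives on a parent filesystem). Mount points containing spaces are written
# as \040 in /proc/mounts and are not handled here.
mount_status() {
    table=$1; mp=$2; want=$3
    opts=$(printf '%s\n' "$table" | awk -v mp="$mp" '$2 == mp { print $4; exit }')
    if [ -z "$opts" ]; then
        echo NOT_MOUNTED
        return 0
    fi
    # Surround with commas so "ro" cannot match inside "errors=remount-ro".
    case ",$opts," in
        *",$want,"*) echo OK ;;
        *) echo MISSING ;;
    esac
}

# audit_mounts MOUNT_TABLE POLICY
# Prints "MOUNTPOINT OPTION STATUS" for every policy entry that is not OK.
# A root attacker remounting /tmp without nosuid shows up as a MISSING line
# on the next run, which is the moment you actually learn something.
audit_mounts() {
    table=$1; policy=$2
    printf '%s\n' "$policy" | while read -r mp want; do
        [ -n "$mp" ] || continue
        status=$(mount_status "$table" "$mp" "$want")
        [ "$status" = OK ] || printf '%s %s %s\n' "$mp" "$want" "$status"
    done
}

# On a live system: audit_mounts "$(cat /proc/mounts)" "$POLICY"
audit_mounts "$SAMPLE_MOUNTS" "$POLICY"
```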

The "easier to upgrade" argument

' If I use partitions for let's say the /home directory, it is easier to upgrade my system. '

That is true only if you upgrade your system the Windows way: "Reformat and reinstall". Otherwise, any decent Linux distribution, or any other decent Unix flavor, will let you upgrade without ever touching anything in /home.

The problems of partitioning

  • Limited number of partitions: x86 systems let you create a maximum of 4 primary partitions per disk. You can elect to use extended partitions instead, which themselves allow you to create 4 partitions per extended partition. The bottom line is that you have a limited number of partitions, so use them wisely.
  • Partition full while others are free: if you have 10 megs free in your /boot partition, that's 10 megs that /var/log or any other directory cannot use, since it is on another partition. Some smartasses thereafter use a soft link such as /var/log/httpd -> /boot/httpdlog, but needless to say, these are ugly tricks.
  • Tinkering with the partition table is very dangerous: if you screw up your partition table, your system will be lost (unless you do as I do and keep a print-out of all your machines' partition tables on file, so you can later re-layout and restore the partition table by hand in case of a problem).

Conclusion
Don't use partitions believing that it will tremendously enhance your security: it will, but only ever so slightly. Partitions are generally a pain when you're running out of space, and today we don't really need partitions anymore, now that filesystems support very large partitions.

You have been warned...

June 2007
