On Nov 24, 2004, at 20:30, Derek Martin wrote:
> But she'll need a writable disk partition for storing mail related files, which introduces some (probably minute) measure of vulnerability. And, not being very familiar with Knoppix, I'm not sure how you would have it automatically mount her home directory, except perhaps by custom-modifying the ISO image and editing the fstab.
If you're modifying the fstab already, put a noexec mount option in there. It'll reduce the set of vulnerabilities to the ones that can get root and force a remount with exec.
Of course, Knoppix 20041124 ships with remote-root compromises we don't know about yet - the flip side of this CD-R is that you *can't* completely update the OS if you need to.
The last time I built a Linux appliance, I had the boot scripts read updates from the hard drive into the root ramdisk (RAM is cheaper than cleaning up Mom's computer). The updates were downloaded daily. Of course, then you need that update mechanism and you have to maintain the update server and eventually the whole darn thing is updates if you don't reissue a CD on a regular basis.
-Bill
----
Bill McGonigle, Owner           Work: 603.448.4440
BFC Computing, LLC              Home: 603.448.1668
[EMAIL PROTECTED]               Cell: 603.252.2606
http://www.bfccomputing.com/    Text: [EMAIL PROTECTED]
AIM: wpmcgonigle                Skype: bill_mcgonigle
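Added example, not part of the message above: a shell check for the noexec suggestion, listing fstab entries that are mounted writable without noexec. The sample fstab, its device names and its mount points are constructed for illustration; the option handling follows mount(8), where later options override earlier ones and `user`-style options imply noexec.

```shell
#!/bin/sh
# Added example: report fstab entries that are writable and allow execution.
# Reads fstab-format text on stdin; prints one mount point per line.
writable_exec_mounts() {
    awk '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        NF < 4         { next }     # skip malformed lines
        $3 == "swap" || $3 == "proc" || $3 == "sysfs" || $3 == "devpts" { next }
        {
            n = split($4, opt, ",")
            ro = 0; noexec = 0
            # Options are applied left to right, so a later one wins.
            for (i = 1; i <= n; i++) {
                if (opt[i] == "ro")       ro = 1
                if (opt[i] == "rw")       ro = 0
                if (opt[i] == "noexec")   noexec = 1
                if (opt[i] == "exec")     noexec = 0
                if (opt[i] == "defaults") { ro = 0; noexec = 0 }
                # user, users, owner and group imply noexec,nosuid,nodev
                if (opt[i] ~ /^(user|users|owner|group)$/) noexec = 1
            }
            if (!ro && !noexec) print $2
        }
    '
}

# Constructed sample: a live-CD fstab with a writable home partition added.
SAMPLE_FSTAB='# <device>  <mount>      <type>   <options>            <dump> <pass>
/dev/cdrom   /cdrom       iso9660  ro                   0 0
/dev/hda2    /home/mom    ext3     rw,nosuid,nodev      0 2
/dev/hda3    /var/mail    ext3     rw,noexec,nosuid     0 2
tmpfs        /tmp         tmpfs    defaults,noexec      0 0
/dev/hda5    none         swap     sw                   0 0
'

# Flags the home partition, which is writable and lacks noexec.
printf '%s' "$SAMPLE_FSTAB" | writable_exec_mounts
```

Run it against the fstab baked into the image with `writable_exec_mounts < /etc/fstab`; an empty result means every writable mount carries noexec.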