Plans for BTRFS in Fedora

James Ralston qralston+ml.redhat-fedora-devel at andrew.cmu.edu
Fri Mar 4 20:32:07 UTC 2011


On 2011-02-26 at 17:33-05 Lyos Gemini Norezel <lyos.gemininorezel at gmail.com> wrote:

> On 02/23/2011 06:38 PM, James Ralston wrote:
> 
> > Separate LVM logical volumes can help mitigate consumption-based
> > DoS attacks.
> > 
> > For example: if /tmp and /var/tmp are separate LVM logical
> > volumes, then a runaway/malicious process cannot fill up the
> > entire filesystem merely by filling up /tmp or /var/tmp.
> 
> For the sake of brevity... I already understand the encrypted
> volumes argument... but I still fail to see why /tmp, /var/tmp/,
> /opt, /usr, etc need to have their own partitions.

I mentioned one: any filesystem tree that grants regular users write
access should have some way to prevent DoS attacks.  Making that
subdirectory tree a separate filesystem is one way to do it.

Another reason to isolate user-writable subdirectory trees to separate
filesystems is to make certain types of security attacks more
difficult (by removing the ability of a regular user to create a hard
link to a file).

> The more complex a system is... the more likely it is to fail.

Generally speaking, yes.  But sometimes the benefits provided by the
increased complexity are worth the (negligible in this case, IMHO)
increase in risk.
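
An added example, not part of the original message: a small audit that reports which user-writable trees sit on the same filesystem as system trees, and are therefore exposed to the disk-filling and hard-link issues discussed above. The mount table is constructed sample data, the `USER_WRITABLE` and `PROTECTED` lists are assumptions to adapt per host, and the check assumes one mount point per filesystem (no bind mounts).

```python
# Constructed sample in /proc/mounts format: /tmp and /home are separate
# logical volumes, /var/tmp is not.
SAMPLE_MOUNTS = """\
/dev/mapper/vg0-root / ext4 rw,relatime 0 0
/dev/mapper/vg0-tmp /tmp ext4 rw,nosuid,nodev 0 0
/dev/mapper/vg0-home /home ext4 rw,nosuid,nodev 0 0
proc /proc proc rw 0 0
"""

# Assumed policy lists (hypothetical, adjust for the host being audited).
USER_WRITABLE = ["/tmp", "/var/tmp", "/home"]
PROTECTED = ["/", "/usr", "/etc", "/var"]

def parse_mounts(text):
    """Return {mount_point: device} from /proc/mounts-style text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # /proc/mounts escapes spaces in mount points as \040
            mounts[fields[1].replace("\\040", " ")] = fields[0]
    return mounts

def mount_for(path, mounts):
    """Longest-prefix match: the mount point whose filesystem holds path."""
    best = "/"
    for mp in mounts:
        # Match on whole path components so /tmpfoo does not match /tmp.
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if len(mp) > len(best):
                best = mp
    return best

def shared_trees(mounts, writable=USER_WRITABLE, protected=PROTECTED):
    """Map each user-writable tree to the protected trees on its filesystem."""
    report = {}
    for w in writable:
        w_mp = mount_for(w, mounts)
        same = [p for p in protected if mount_for(p, mounts) == w_mp]
        if same:
            report[w] = same
    return report

if __name__ == "__main__":
    for tree, exposed in shared_trees(parse_mounts(SAMPLE_MOUNTS)).items():
        print(f"{tree} shares a filesystem with {', '.join(exposed)}")
```

On a live system, pass the contents of `/proc/mounts` to `parse_mounts` instead of the sample.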


