Timeline for Unmount /boot after booting
Current License: CC BY-SA 4.0
26 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 8, 2022 at 13:16 | history | rollback | Krackout | Rollback to Revision 2 | |
| Apr 8, 2022 at 13:12 | comment | added | Krackout | @ThorbjørnRavnAndersen No, I'm not. That's the difference between "all possible directions" contrary to "all directions". | |
| Apr 8, 2022 at 13:06 | comment | added | Thorbjørn Ravn Andersen | "all possible directions." - are you sure your CPU does not contain malware in microcode? | |
| Apr 8, 2022 at 12:17 | comment | added | U. Windl | Did you consider installing a fake kernel in mount point /boot and then mount the real one over it? Security by obscurity at its best. Only make sure you understand what's going on. | |
| Apr 7, 2022 at 20:46 | comment | added | Cole Tobin | @Philippos Maybe to prevent rm -rf --no-preserve-root / from bricking their efivarfs "partition" ;) github.com/systemd/systemd/issues/2402 | |
| Apr 7, 2022 at 8:36 | comment | added | Krackout | @serv-inc, yes, BSDs were considered, OpenBSD included of course. But due to existing custom Linux kernel modules (it was discussed on Austin Hemmelgarn's answer in conjunction with UEFI secure boot) the proposal was dropped. More time and dev effort would be needed for them to work on other OSes. | |
| Apr 7, 2022 at 8:09 | comment | added | serv-inc | If you are really interested in security, have you considered OpenBSD, which, by many, is considered the most secure, fully-featured operating system? | |
| Apr 6, 2022 at 19:07 | comment | added | Console Catzirl | You don't need to mount it in the first place. My fstab entry for /boot includes a noauto option, and I don't mount it until I'm going to update my kernel. | |
| S Apr 6, 2022 at 17:30 | history | suggested | psmears | CC BY-SA 4.0 | Improve wording and grammar |
| Apr 6, 2022 at 13:55 | answer | added | Rob Pearce | timeline score: 3 | |
| Apr 6, 2022 at 10:52 | review | Suggested edits | |||
| S Apr 6, 2022 at 17:30 | |||||
| Apr 6, 2022 at 5:49 | comment | added | Philippos | @Krackout If someone asks me how thick an aluminium hat needs to be for protection, the question is very specific, but I will still ask back: Protection against what? | |
| Apr 6, 2022 at 1:40 | comment | added | Joseph Sible-Reinstate Monica | When exactly would an attacker have been able to modify anything in /boot if it were mounted, but not be able to just remount it? | |
| S Apr 5, 2022 at 19:19 | vote | accept | Krackout | ||
| Apr 5, 2022 at 18:23 | comment | added | doneal24 | You can be caught in a rabbit hole very quickly if you look at "all possible directions". Consider the actual return on a given action (for example, a user who could affect files in /boot would already have privs to mount /boot) and weigh them against difficulty in implementing and in possible consequences. | |
| Apr 5, 2022 at 17:27 | answer | added | telcoM | timeline score: 5 | |
| Apr 5, 2022 at 17:25 | answer | added | Austin Hemmelgarn | timeline score: 6 | |
| Apr 5, 2022 at 14:58 | history | became hot network question | |||
| Apr 5, 2022 at 13:58 | answer | added | Philip Couling | timeline score: 9 | |
| Apr 5, 2022 at 10:35 | vote | accept | Krackout | ||
| S Apr 5, 2022 at 19:19 | |||||
| Apr 5, 2022 at 8:55 | answer | added | MC68020 | timeline score: 16 | |
| Apr 5, 2022 at 8:34 | answer | added | Philip Couling | timeline score: 27 | |
| Apr 5, 2022 at 7:45 | history | edited | Krackout | CC BY-SA 4.0 | deleted 1 character in body |
| Apr 5, 2022 at 7:33 | comment | added | Krackout | It doesn't matter; the demand is to minimize attack surface at all possible directions. Many other measures will be taken, I'm asking for something very specific. | |
| Apr 5, 2022 at 7:13 | comment | added | Philippos | Security against what? Please share the possible attack scenario(s) you want to defend. | |
| Apr 5, 2022 at 6:58 | history | asked | Krackout | CC BY-SA 4.0 |