I thought I would just quote the manual to see if it makes sense to follow it (pages 35-36):<br><br>Any directory tree which a user has write permissions to, such as e.g. /home, /tmp<br>and /var/tmp/, should be on a separate partition. This reduces the risk of a user DoS<br>
by filling up your “/” mount point and rendering the system unusable (Note: this is<br>not strictly true, since there is always some space reserved for root which a normal user<br>cannot fill), and it also prevents hardlink attacks.<br>
 <br>A very good example of this kind of attacks using /tmp is detailed in The mysteriously persistently exploitable program (contest) (<a href="http://www.hackinglinuxexposed.com/articles/20031111.html">http://www.hackinglinuxexposed.com/articles/20031111.html</a>) and The myste-<br>
riously persistently exploitable program explained (<a href="http://www.hackinglinuxexposed.com/articles/">http://www.hackinglinuxexposed.com/articles/</a><br>20031214.html) (notice that the incident is Debian-related). It is basicly an attack in which a local user stashes<br>
away a vulnerable setuid application by making a hard link to it, effectively avoiding any updates (or removal)<br>of the binary itself made by the system administrator. Dpkg was recently fixed to prevent this (see 225692<br>
(<a href="http://bugs.debian.org/225692">http://bugs.debian.org/225692</a>)) but other setuid binaries (not controlled by the package manager) are<br>at risk if partitions are not setup correctly.<br><br>Mark<br><br><div class="gmail_quote">
On Mon, Apr 27, 2009 at 7:49 AM, Austin Godber <span dir="ltr">&lt;<a href="mailto:godber@uberhip.com">godber@uberhip.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I have occasionally found it handy to have /tmp on a separate<br>
partition.  Mainly to ensure that /tmp doesn&#39;t fill up accidentally<br>
which can lead to all sorts of unpleasantness and complicate recovery.<br>
<br>
Same applies pretty much across the board and bi directionally.<br>
<br>
Though separating out partitions of course comes with slightly increased<br>
complexity.<br>
<font color="#888888"><br>
Austin<br>
</font><div class="im"><br>
James Finstrom wrote:<br>
&gt; This was discussed a week or so ago (sorta). Generaly you want to keep<br>
&gt; home on it&#39;s own partition. Never seen the rest but could see some<br>
&gt; logic with var and opt not really tmp<br>
&gt;<br>
&gt; On 4/27/09, Mark Phillips &lt;<a href="mailto:mark@phillipsmarketing.biz">mark@phillipsmarketing.biz</a>&gt; wrote:<br>
&gt;<br>
&gt;&gt; I am setting up a new server for Plone/Zope sites on a Linode VPS. Reading<br>
&gt;&gt; the &quot;Securing Debian Manual&quot; (<br>
&gt;&gt; <a href="http://www.debian.org/doc/manuals/securing-debian-howto/" target="_blank">http://www.debian.org/doc/manuals/securing-debian-howto/</a>), it recommends<br>
&gt;&gt; separate partitions for /tmp, /home, /opt, and /var. I was talking with some<br>
&gt;&gt; of the Linode folks on IRC to find out how to set up separate partitions,<br>
&gt;&gt; and they felt that it was unnecessary to have separate partitions for a<br>
&gt;&gt; production server (regardless if it is on Linode or not).<br>
&gt;&gt;<br>
&gt;&gt; I am interested in any opinions on the subject from this list.<br>
&gt;&gt;<br>
&gt;&gt; Thanks!<br>
&gt;&gt;<br>
&gt;&gt; Mark<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;<br>
&gt;<br>
<br>
</div><div><div></div><div class="h5">---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.plug.phoenix.az.us">PLUG-discuss@lists.plug.phoenix.az.us</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss" target="_blank">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss</a><br>
</div></div></blockquote></div><br>