Historical reasons aside, some operating systems (like OpenBSD) are designed to ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

yellowapple on Aug 29, 2015 | parent | context | favorite | on: Linux workstation security checklist

Historical reasons aside, some operating systems (like OpenBSD) are designed to be able to implement different security policies by filesystem. For example, you could mark a given filesystem as executable or non-executable, adding yet another layer of security (at least policy-wise) to a system. And really, with things like LVM and btrfs, there's little reason why this is a bad idea anymore, since expanding subvolumes/LVs is generally trivial.

Tiksi on Aug 29, 2015 [–]

You can do that in linux by bind mounting a folder to itself with the more secure options. I have a couple systems where I do this to have directories noexec, nosuid, etc. Kinda hackish but useful.

Consider applying for YC's Summer 2025 batch! Applications are open till May 13
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact