Subject: Re: Preventative security features?
To: None <>
From: Tim Kelly <>
List: tech-security
Date: 11/13/2004 21:31:30
In the same topic as what is being discussed, I think that the default
partitioning scheme for the installer needs revising. I did a fresh RC2
install (macppc) a couple weeks ago and found that it still had a
default / of 32M and the rest to /usr. A PR was filed in the past:

NetBSD Problem Report #22508

when installing on 2G drive w/ less than 100mb root partition sysinst
failed.  Ran out of space in /tmp.  Workaround was to symlink /tmp into
/usr/tmp to get enough space.

On a disk of this size, sysinst automagic partitioning created a
root partition small enough for this problem to appear.

Just as a reminder, /tmp, /var, /home, and /root are on the same
partition as / in the default install. While most people will have their
own partitioning scheme, I feel that the default partition scheme should
be a good option out of the box.

I offer the following for discussion as a default scheme

/ mounted as a read-only partition
/var mounted as a write-only partition
/tmp on its own partition (and an mfs has been considered, as I
/root on its own partition (with appropriate permissions)
/home on its own partition
/usr on its own partition, possibly read-only

These do reflect some influence by OpenBSD, although not exclusively.
They may also be consistent with general practices. My point is that if
there is already a general approach to secure installations, they should
be incorporated in the system installer. At the very least, they should
be offered as an option to the user through a question and answer
approach(will you be installing X, will you have multiple users, will
you be building -current userland, et al) that then allow for an
intelligent calculation of dividing up the hard drive. The read/write
only permissions should be set in the default installation and the user
should be required to learn about kernel security levels in order to
make changes, even to install packages in /usr, but perhaps there should
be an option to install packages during the system installation (do you
want to install packages, which editors do you want to install, which
shells do you want to install, et al).

From the new user's perspective, it is a preventative
measure that will help secure the installation, encourage learning, and
prevent seriously screwing up the installation (as I did recently when I
accidentally blew away my /etc on RC2 with an RC4 "reinstall sets"
instead of an upgrade and found myself locked out as root from my serial
console with no users to su from, I spend most of my time in hardware
interfacing, not OS administration, so not everyone using NetBSD is an
experienced BSD user).

No one will complain about making it easier to install NetBSD, which is
certainly consistent with "security without the hype."