Subject: Re: r/o filesystem restrictions for firewall?
To: Berndt Josef Wulf <wulf@ping.net.au>
From: Yubyub bird <jonl@yubyub.net>
List: netbsd-help
Date: 10/23/2000 20:33:38

Berndt Josef Wulf said on 2000-10-24:

[gratuitous snip]

> Alternatively, if memory isn't much of a problem, create a CD with the
> desired filesystem and have it boot into a memory-based filesystem.

I'd like to keep away from any type of local writable storage (save
memory - but not mfs)... there are just too many ways to bring down files
to a compromised system, then use those executables to do further
damage.  This way, a potential cracker has a limited set of tools at
his/her/their disposal.

> Should the system be compromised or falling over, it's a matter of
> seconds to reboot and have it up and running again.

Yep.  I'm hoping for that ;-)

> I don't know about your reasons of not using a local harddisk, but
> if it is for security reasons, there is nothing stopping anyone
> breaking into the firewall on any type of system if the opportunity
> exists due to a flaw in operating system or application.

Partially that reason - I'd rather not make it easy for the compromised
system to host foreign data (executables, etc...).  No log files to tamper
with.  No muss, no fuss.  And partially because this thing is gonna be on
day after day, and a spinning hard drive lays a lot of worry on my mind (I
know, I know - I'd get rid of the fan if it were easy ;-)

Mostly I'm just paranoid.  Mostly.

-yubyub
----------------------------------------------------------------
croquette - n.  A small cake of minced | SMTP: yubyub@yubyub.net
 food, such as poultry, vegetables, or | http://www.yubyub.net
 fish, that is usually coated with     | NetBSD on Sparc, Alpha
 bread crumbs and fried in _deep fat_. |  i386, Mac68k, VAX