hlfs team

Robert Connolly cendres at videotron.ca
Sat Jan 10 13:36:53 PST 2004


On January 10, 2004 04:18 pm, Amanda Lynn Rossmiller wrote:
...
> > Read only root filesystem on first boot.
>
> sounds fun - what's it do?

To keep / from filling up and causing a denial of service.

>
> > If I remember right glibc or gcc make install attempts to send mail to
> > GNU after a successful build. This is a privacy problem and should be
> > broken, if it actually works.
>
> shouldn't take more than a small patch..
> what does it try to invoke? mail/sendmail ?

sed is probably enough. mail or sendmail yes.

>
> > Coreutils
> > -Replace /bin/false and /bin/true.
>
> why?

/bin/false is used in login rejection. Anything involved in that should be
safe. The only thing false is supposed to do is return 1 and exit. GNU's
false does more by accepting --help and --version arguments. So, at least in
my opinion, GNU false is unsafe for its task.

> > -If su is going to be used, sgid might be better.
>
> what's the matter with su?

Why should everyone have equal access to su? selinux/rsbac fixes this though.

>
> > Findutils
> > -Move /usr/var/locatedb to /var so /usr could possibly be read only. Also
> > if this database is owned by another user (bin) updatedb doesn't need to
> > run as root.
>
> isn't this default for lfs anyways?
> i don't recall having a /usr/var on my current lfs.

I think it gets created by updatedb. The default db can be changed in the 
command options too.




