archaic at indy.rr.com
Wed Jan 21 09:50:22 PST 2004
On Wed, Jan 21, 2004 at 08:37:59AM -0500, Robert Connolly wrote:
> et_dyn is almost the same problem as with propolice (until glibc 2.3.3
> releases). To build glibc with et_dyn, you'll need crt1S.o either on
> the host (from glibc-2.3.3) or in chap5. And crt1S.o can only be used
> by a binutils that understands -pie. The rest affects hgcc.sh. et_dyn
> isn't stabilized yet. chpax is needed on a real system to disable
> et_dyn on some binaries. At least one of the glibc programs uses an
> executable stack, so glibc needs a patch, xfree86 is also affected.
> Since there are enough other things to do, I would prefer to develop
> the stable technologies first, and leave et_dyn for later. gcc-3.4's
> -pie will be superior to what they have now, and FSF binutils should
> release with -pie by the time gcc-3.4 releases. However much of the
> work for et_dyn has already been done by gentoo, and it would be very
> easy to add it to hlfs. Enforcing non-executable stack would be a bit
> extra work and patches.
Okay, then we will wait on et_dyn. BTW, glibc-2.3.3 has been out since
December and LFS CVS is currently using it so we need to test with that.
> Today I'm looking at installing su in /tools so root can su down to
> uid1. I think it would be safe to allow uid1 to own everything except
> /boot and /etc.
Yes. Similar to package users which I've been using for 2 years now.
> Sudo is a vulnerability in itself.
> Any school of thought in unix says we should not be using root to do
> everything, like we do in chap6.
Actually all main schools of thought say we *should* use root to build a
system as that is a systems function. Users should not be doing any
> I realize it's safer to have root own system binaries.
No it isn't. The only safety is the user *doesn't* own the binaries.
> This is an experiment to see if some of root's trust can come off on
It can. The only things installed on my systems that are root owned are
the kernel, nvidia driver, a couple of devs, and the occasional suid
program (which I have only 2 on this system and everything works fine).
> I can't think of any serious disadvantage to this, but I am curious as
> why no distros do it. This is more secure because it uses the least
> possible privileges to complete a task. User daemon(uid6) could be a
> sister to bin(uid1), running maintenance tasks that don't need root, or
> a special user.
Yep. There's still a lot we have to hash out.
[W]hat country can preserve its liberties, if its rulers are not warned
from time to time that [the] people preserve the spirit of resistance?
Let them take arms... The tree of liberty must be refreshed from time to
time, with the blood of patriots and tyrants.
- Thomas Jefferson, letter to Col. William S. Smith, 1787
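As an added example (not code from this thread or from the HLFS project), here is a small Python checker for the two ELF properties discussed above: whether a binary is ET_DYN (the et_dyn/PIE case) and whether its PT_GNU_STACK program header asks for an executable stack, which is what a glibc or XFree86 binary needing a patch would show. The ELF images it inspects are constructed inline; it does not parse the PaX/chpax-specific flags, and the PIE heuristic (ET_DYN plus PT_INTERP) is an assumption of this example.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_INTERP, PT_GNU_STACK = 3, 0x6474E551
PF_X = 0x1

def inspect_elf(data: bytes) -> dict:
    """Report e_type, presence of PT_INTERP, and the PT_GNU_STACK request of an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                       # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little endian, 2 = big endian
    e_type, = struct.unpack_from(end + "H", data, 16)
    if is64:
        e_phoff, = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        e_phoff, = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    names = {ET_EXEC: "ET_EXEC", ET_DYN: "ET_DYN"}
    result = {"type": names.get(e_type, hex(e_type)), "has_interp": False, "gnu_stack": "missing"}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from(end + "I", data, off)
        # p_flags follows p_type in ELF64 but sits after p_memsz in ELF32
        p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        if p_type == PT_INTERP:
            result["has_interp"] = True
        elif p_type == PT_GNU_STACK:
            # "missing" means the binary requests nothing; older loaders then gave it an executable stack
            result["gnu_stack"] = "exec" if p_flags & PF_X else "noexec"
    # ET_DYN also covers shared libraries; a PT_INTERP next to it is what marks a PIE executable (assumption)
    result["looks_like_pie"] = result["type"] == "ET_DYN" and result["has_interp"]
    return result

def build_sample(e_type: int, stack_flags, interp: bool) -> bytes:
    """Construct a minimal ELF64 little-endian image (header plus program headers only) for testing."""
    phdrs = []
    if interp:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0, 0, 0, 0, 0, 1))
    if stack_flags is not None:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16))
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELF64, little endian, ELF version 1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    return ehdr + b"".join(phdrs)

# Constructed images: a PIE with a non-executable stack, and an ET_EXEC asking for an executable stack
SAMPLE_PIE = build_sample(ET_DYN, 6, True)
SAMPLE_EXEC_STACK = build_sample(ET_EXEC, 7, False)
```

Running `inspect_elf` over the bytes of a real file (read whole, since e_phoff must fall inside the data) gives the same dictionary for that binary.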