Suitability

Dagmar d'Surreal dagmar.wants at nospam.com
Sun Mar 28 07:52:37 PST 2004


On Sun, 2004-03-28 at 07:13, Adrian Fisher wrote:
> Hello there.
> 
> I am new to this list (and Linux in general) and would like to ask some 
> questions.
> 
> How much knowledge of Linux and Linux will I need to create a HLFS system?

Enough to perform simple  system administrative tasks without looking at
a HOWTO, I'd say.  There will be judgement calls to be made, so you'll
need to at least understand the basics of the way a multi-user unix
system works to make any kind of informed decision.

> What type of environment would such a system be uuseable for?

Any and all environments.  Security is not something you leave in for x
number of minutes and you're done, like some kind of hair treatment. 
Neither is it like becoming a monk and moving to Tibet to learn "the
answers".  It's a way of making the system do _exactly_ what you want,
and something you put on everything to the degree that it is needed,
like vegemite or ranch dressing.

> Is it just as a desktop machine or as a server as well?

Either can benefit from a little added security here and there (see
ranch dressing).

> When completed, how will the security of HLFScompare with the likes of 
> Open BSD which pridesitself on it's security?

We'll likely be much less of a pack of festering arseholes when asked
about it.

> When is the system likely to be ready for general use?

Hmm... 1.0 release.

> Will it include things like Java, MySQL and PHP?

Java, not likely.  There's little that can be done to it, and anything
that could be done to it would likely be categorized as a bug and not
worth making a section in the book for over just getting Sun to accept a
patch.

PHP is a programming language.  Granted, lots of people write incredibly
stupid code with it, and it's been notorious for coders who can't count
a buffer length with their shoes off, but there's nothing you'd do to
it, specifically, to make it more secure, aside from possibly pointing
large guns at your engineers and saying "You'd better not".

MySQL is a pretty complex system, with functionality needed by people
who tend to take storing their data very seriously.  This one might
actually warrant eventual inclusion in the book, or at least an overview
of how it's security works so that people won't make fools of themselves
with an overly permissive deployment.

For the most part, the things being put into the toolchain will increase
the security of all the binaries created with them by a modest amount,
without any other special instructions needed.  This by itself is worth
a bucketful of complete night's sleep.
-- 
The email address above is phony because my penis is already large enough, kthx. 
              AIM: evilDagmar  Jabber: evilDagmar at jabber.org




More information about the hlfs-dev mailing list