stripping secure servers (was Re: releases and stuff)

Archaic archaic at
Mon Nov 15 06:23:09 PST 2004

On Mon, Nov 15, 2004 at 12:46:48PM +0000, Bennett Todd wrote:
> Another, which Marcus Ranum has advocated for years, has recently
> begun to appeal to me, mostly since I've noticed that Bent
> Linux makes it easy:-). This is to design completely hardened
> purpose-built servers that do absolutely nothing at all but offer
> their service, design them so that every file is accounted for,
> and no file is present that's not actually required to deliver the
> desired service. For some services, even /bin/sh is not necessary.

Wow. Even I don't go that far, and most people consider me paranoid. ;)
I might just have to look into this more. :)


Idealism is the noble toga that political gentlemen drape over their
will to power.

- Aldous Huxley

More information about the hlfs-dev mailing list