stripping secure servers (was Re: releases and stuff)

Robert Connolly robert at linuxfromscratch.org
Wed Nov 17 16:08:10 PST 2004


Okay, fair enough. So putting gcc in /opt wouldn't be very useful then? 
Because if someone were going to start doing stuff like that (having minimal 
applications installed) then they would be best off using packages, or a 
whole new build (busybox in chapter 6 with hlfs host); both of which are a 
whole place beyond hlfs.

robert

On November 15, 2004 07:46 am, Bennett Todd wrote:
> 2004-11-15T12:03:35 Robert Connolly:
> > I'm having trouble understanding how important it is to not have a
> > compiler on the system.
>
> I've seen both sides of this issue.
>
> One viewpoint, which I've often espoused, is that the first line of
> defense is the perimeter --- network listening daemons, for a
> hardened server --- and hardening against local exploits is only
> useful for shell servers with untrusted users, a very hard problem
> indeed; and that local hardening need only focus on suid executables
> and privilege escalation paths (although the recently announced
> Linux ELF loader bugs are kinda scary that way).
>
> Another, which Marcus Ranum has advocated for years, has recently
> begun to appeal to me, mostly since I've noticed that Bent
> Linux makes it easy:-). This is to design completely hardened
> purpose-built servers that do absolutely nothing at all but offer
> their service, design them so that every file is accounted for,
> and no file is present that's not actually required to deliver the
> desired service. For some services, even /bin/sh is not necessary.
>
> Software packaging can make such purpose-built servers easier to set
> up; and BusyBox is a nice and handy scaffolding that's easy to put
> into place for the setup and config stage, then remove once the
> server is chugging along merrily leaving only the actual daemon[s]
> that offer service.
>
> The final door-closing involves removing busybox, and placing a
> small executable in /sbin/init that forks and execs a few
> invocations of the likes of ifconfig, and finishes by execing the
> daemon that offers public service.
>
> -Bennett
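
The "door-closing" init Bennett sketches above, written out as an added example that is not code from the thread or from HLFS: a small /sbin/init that forks and execs a fixed list of setup commands with no shell involved, then execs the service daemon. The paths (/sbin/ifconfig, /usr/sbin/example-daemon), interface names and addresses are placeholders assumed for illustration.

```c
/* Added example, not from the thread: purpose-built /sbin/init with no shell
 * and no busybox, just a fixed list of setup commands followed by exec of
 * the public daemon.  Paths and addresses below are placeholders. */
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define MAX_ARGS 8
struct step { char *argv[MAX_ARGS]; };   /* argv[0] is an absolute path */

/* Fork, exec one step, wait.  Returns the child's exit code, 128+signal
 * if it was killed, 127 if exec failed, -1 on fork/wait error.  There is
 * deliberately no system(): nothing here depends on /bin/sh existing. */
int run_step(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                      /* exec failed; no shell to fall back on */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFEXITED(status)) return WEXITSTATUS(status);
    if (WIFSIGNALED(status)) return 128 + WTERMSIG(status);
    return -1;
}

/* Run steps in order, stopping at the first failure.
 * Returns how many steps completed with exit code 0. */
size_t run_steps(const struct step steps[], size_t n) {
    size_t done = 0;
    while (done < n && run_step(steps[done].argv) == 0) done++;
    return done;
}

int main(void) {
    /* Placeholder network setup; the real list is whatever the service needs. */
    const struct step setup[] = {
        {{"/sbin/ifconfig", "lo", "127.0.0.1", "up", NULL}},
        {{"/sbin/ifconfig", "eth0", "192.0.2.10", "netmask", "255.255.255.0", "up", NULL}},
    };
    size_t n = sizeof setup / sizeof setup[0];
    if (run_steps(setup, n) != n) for (;;) pause();   /* PID 1 must never exit */
    /* Replace init with the daemon: from here on only the service is running. */
    char *daemon_argv[] = {"/usr/sbin/example-daemon", "-f", NULL};
    execv(daemon_argv[0], daemon_argv);
    for (;;) pause();                    /* exec failed: stay alive, don't panic the kernel */
}
```

Because the binary exits only by exec'ing the daemon, a file listing of the finished system is exactly: the kernel, this init, the setup tools it calls, and the daemon.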
