robert at linuxfromscratch.org
Wed May 23 15:51:38 PDT 2007
On Wednesday May 23 2007 06:29:01 pm Jan Dvořák wrote:
> Robert Connolly wrote:
> > Do any of you know assembly well enough to convert this:
> > http://www.linuxfromscratch.org/~robert/new/dd.asm
> > to something gcc can compile? And remove all the options, making bs=1 the
> > default, and 'dd from-file to-file' the only thing it does.
> Oh man. Do we *really* need asm? I don't think so. If you consider libc
> unsecure, just forget about secure system. Make it simplest read/write C
> with hardcoded paths. That's tough enough for anyone to crack.
/bin/dd works fine, but with very small and specific things like this it's
nice to have the option of assembly.
> Or even better, just leave sysklogd running under root and chroot it
> only. What do we have GRSecurity chroot limits for then ensuring root
> won't escape from jail?
I have both klogd and syslogd running as normal users in empty chroots, with
the combination of Owl's and Ubuntu's patches. I'm having a problem with the
bootscript though, because 'dd' has to run in the background and I don't know
how to kill it safely when shutting down sysklogd. Is there a shell varable
for the pid returned after starting a program?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the hlfs-dev