OpenSSH Trojan

Dagmar d'Surreal dagmar at speakeasy.net
Fri Aug 2 09:33:43 PDT 2002


On Fri, 2002-08-02 at 10:14, Don Smith wrote:
> I think we should remember that LFS is *only* designed to show you how
> to build a Linux system from sources. Adding security to the LFS book
> would just add confusing complexity to what is now a complex enough
> process and make the book that much larger.

Well... I wouldn't go quite so far as to declare that security shouldn't
figure into things at all.  A sentence or a paragraph here or there that
says "such-and-such file/directory should _never_ be
world-writeable/group-readable", etc., can go a long way towards helping
newbies avoid painful pitfalls.  At the moment I can't think of any
severe ones that would apply (although I may in the future) so it's moot
now, but might be a bad precedent in case it becomes un-moot later.

...actually, now that that's come to mind, I'll go back through the
thing and check again.  Little things like "If you don't need normal
user accounts mounting filesystems, you can actually strip the suid bit
from /bin/mount." can be really helpful later on.


More information about the lfs-security mailing list