OpenSSH Trojan

Don Smith don_smith at att.net
Sat Aug 3 08:28:07 PDT 2002


Dagmar d'Surreal wrote:
> 
> On Fri, 2002-08-02 at 10:14, Don Smith wrote:
> > I think we should remember that LFS is *only* designed to show you how
> > to build a Linux system from sources. Adding security to the LFS book
> > would just add confusing complexity to what is now a complex enough
> > process and make the book that much larger.
> 
> Well... I wouldn't go quite so far as to declare that security shouldn't
> figure into things at all.  A sentence or a paragraph here or there that
> says "such-and-such file/directory should _never_ be
> world-writeable/group-readable" etc can go a long way towards helping
> newbies avoid painful pitfalls.  At the moment I can't think of any
> severe ones that would apply (although I may in the future) so it's moot
> now, but might be a bad precedent in case it becomes un-moot later.
> 
> ...actually, now that that's come to mind, I'll go back through the
> thing and check again.  Little things like "If you don't need normal
> user accounts mounting filesystems, you can actually strip the suid bit
> from /bin/mount." can be really helpful later on.

True, but I don't think LFS is aimed at complete newbies. I think that a
warning at the beginning of the book saying that the Linux system
created this way is not totally secure and a few links to helpful items
would be much more appropriate.

Don



More information about the lfs-security mailing list