OpenSSH Trojan

Scot Mc Pherson scot at linuxfromscratch.org
Sat Aug 3 13:49:35 PDT 2002


On Sat, 03 Aug 2002 11:28:07 -0400, Don Smith wrote:

> Dagmar d'Surreal wrote:
>> 
>> On Fri, 2002-08-02 at 10:14, Don Smith wrote:
>> > I think we should remember that LFS is *only* designed to show you
>> > how to build a Linux system from sources. Adding security to the LFS
>> > book would just add confusing complexity to what is now a complex
>> > enough process and make the book that much larger.
>> 
>> Well... I wouldn't go quite so far as to declare that security
>> shouldn't figure into things at all.  A sentence or a paragraph here or
>> there that says "such-and-such file/directory should _never_ be
>> world-writeable/group-readable" etc can go a long way towards helping
>> newbies avoid painful pitfalls.  At the moment I can't think of any
>> severe ones that would apply (although I may in the future) so it's
>> moot now, but might be a bad precedent in case it becomes un-moot
>> later.
>> 
>> ...actually, now that that's come to mind, I'll go back through the
>> thing and check again.  Little things like "If you don't need normal
>> user accounts mounting filesystems, you can actually strip the suid bit
>> from /bin/mount." can be really helpful later on.
> 
> True, but I don't think LFS is aimed at complete newbies. I think that a
> warning at the beginning of the book saying that the Linux system
> created this way is not totally secure and a few links to helpful items
> would be much more appropriate.
> 
> Don
 
I think that is a little unnecessary, being that all Linux systems are
not totally secure ever, even if you know what you are doing.  Installing
RedHat doesn't inherently make that box more secure than installing LFS
on one.  It's all in administration and practices.

Scot
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
