Security advisory for removing setuid programs.

Archaic archaic at indy.rr.com
Tue Nov 25 20:35:07 PST 2003


On Wed, Nov 26, 2003 at 10:32:29AM +1100, Ryan.Oliver at pha.com.au wrote:
> 
> > (Which makes me wonder if there would be any support for creating an SLFS
> > book that went through and systematically hardened an LFS/BLFS system
> > step-by-step.)
> 
> Would be a FANTASTIC idea ;-)
> It's one of the reasons I ended up here in the first place...
> (secure firewalling routers/bridges, DMZ systems)
> 
> Would be a great place to dump the "chrooting services" stuff we were
> working on... (still haven't got around to writing anything up though :-/ )
> Also a good place to shunt in the read-only root filesystem...

Yeah, I think we pretty much have proftpd done. I still need to check
out dev/log. It probably would go quicker if we had more people helping,
as you and I have run into many slow-down periods. Life just keeps
getting in the way of lfs'ing. :)

> Hey, you interested possibly in working through an SELinux build process?

I'm still on the fence. SELinux or grsecurity. grsecurity has become
quite similar to SELinux and apparently SELinux might have some
licensing problems.

> Would dearly like to get back to it at some point but it's a bit much to do
> on your own...

Ain't that the truth. It seems that with a group of people, we could do
the most fundamental, yet most overlooked principle in security: code
auditing. At least to some extent. And package-by-package configuration.
There's so much that could be done. The initial work would undoubtedly
be the hardest. Once that was done, it would be a lot smoother.

> Let me know... just now signing up to the lfs-security mailing list...

Ok. I'm CC'ing the list, then, since you are now subbed. :)

-- 
Archaic

Government should be weak, amateurish and ridiculous. At present, it
fulfills only a third of the role.

- Edward Abbey



