Security advisory for removing setuid programs.

Andrew Calkin calkin at ieee.org
Tue Nov 25 21:20:01 PST 2003


On Tue, Nov 25, 2003 at 11:35:07PM -0500, Archaic wrote:
> On Wed, Nov 26, 2003 at 10:32:29AM +1100, Ryan.Oliver at pha.com.au wrote:
> > 
> > > (Which makes me wonder if there would be any support for creating an SLFS
> > > book that went through and systematically hardened an LFS/BLFS system
> > > step-by-step.)
> > 
> > Would be a FANTASTIC idea ;-)
> > It's one of the reasons I ended up here in the first place...
> > (secure firewalling routers/bridges, DMZ systems)
> > 
> > Would be a great place to dump the "chrooting services" stuff we were
> > working on... (still haven't got around to writing anything up though :-/ )
> > Also a good place to shunt in the read-only root filesystem...
> 
> Yeah, I think we pretty much have proftpd done. I still need to check
> out dev/log. It probably would go quicker if we had more people help
> as you and I have run into many slowdown periods. Life just keeps
> getting in the way of lfs'ing. :)
> 
> > Hey, you interested possibly in working through an SELinux build process?
> 
> I'm still on the fence. SELinux or grsecurity. grsecurity has become
> quite similar to SELinux and apparently SELinux might have some
> licensing problems.
> 
> > Would dearly like to get back to it at some point but it's a bit much to do
> > on your own...
> 
> Ain't that the truth. It seems that with a group of people, we could do
> the most fundamental, yet most overlooked principle in security; code
> auditing. At least to some extent. And package-by-package configuration.
> There's so much that could be done. The initial work would undoubtedly
> be the hardest. Once that was done, it would be a lot smoother.
> 
> > Let me know... just now signing up to the lfs-security mailing list...
> 
> Ok. I'm CC'ing the list, then, since you are now subbed. :)
> 
> -- 
> Archaic
> 
> Government should be weak, amateurish and ridiculous. At present, it
> fulfills only a third of the role.
> 
> - Edward Abbey
> 
Joining the list also. I would like to get into Linux security-related
issues too. Have been following this thread and all links
mentioned intently.

//Andrew


