Security advisory for removing setuid programs.

Nico R. n-roeser at gmx.net
Wed Nov 26 03:57:35 PST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,

> On Wed, Nov 26, 2003 at 10:32:29AM +1100, Ryan.Oliver at pha.com.au
> wrote:
[...]
>> Would be a great place to dump the "chrooting services" stuff we were
>> working on... (still haven't got around to writing anything up though
>> :-/ ) Also a good place to shunt in the read-only root filesystem...

I think some changes like the read-only filesystem should go into the
LFS book as well, since they do not cause any harm (as far as I can
think of), are rather easy to implement (a sed/patch for glibc and a
symlink, IIRC?) and are really useful...

I don't assume every other book maintainer agrees on that, but I'd be
happy to see something here like it happened with the PLFS integration.
First, create a somewhat improved system/build method, and then
integrate it into the book (or parts of it that can be useful for
everybody).


Another thought, what about gcc security patches like the one(s?) used
in OpenBSD? To prevent stack overflows.

Have fun,
- -- 
Nico
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/xJUzxI5uhYOGv4URAmu/AJ0edl5XkElMfBtmCaMmTvsdPAEcfwCg3bsh
AoZX2QHBz6csJ25mbxoebDc=
=oeJm
-----END PGP SIGNATURE-----



More information about the lfs-security mailing list