Security advisory for removing setuid programs.
kfirlavi at actcom.co.il
Wed Nov 26 12:46:54 PST 2003
> On Wed, Nov 26, 2003 at 12:57:35PM +0100, Nico R. wrote:
>>I think some changes like the read-only filesystem should go into the
>>LFS book as well, since they do not cause any harm (as far as I can
>>think of), are rather easy to implement (a sed/patch for glibc and a
>>symlink, IIRC?) and are really useful...
> No. I'm actually talking about a new book. This stuff isn't the goal or
> purpose of LFS.
>>Another thought, what about gcc security patches like the one(s?) used
>>in OpenBSD? To prevent stack overflows.
> ashes and I have been doing test builds. He's contacted maintainers and
> such and has written a hint for propolice. It's pretty solid, but
I think SLFS is an integral part of the LFS system, because if we compile
LFS and then start securing it, we will have to compile again, so we
will have to have a mechanism for eliminating junk between compilations.
This in itself can be a security bridge.
We need to test every program that has a security patch after applying
them, and integrate it into LFS.
This is the same routine as LFS's current workings.
This will make LFS, not just the Linux of choice, but also the most
secure... (LFS 9...11...) ;)
IRC Nick: rommanissi