Security advisory for removing setuid programs.

Archaic archaic at indy.rr.com
Wed Nov 26 16:02:43 PST 2003


On Wed, Nov 26, 2003 at 10:46:54PM +0200, Kfir Lavi wrote:
> I think SLFS is an integral part of the LFS system, because if we compile 
> LFS and then start securing it, we will have to compile again, so we 
> will have to have a mechanism for eliminating junk between compilations. 
> This in itself can be a security bridge.
> We need to test every program that has security patch after applying 
> them, and integrate it to LFS.
> This is the same routine as LFS current workings.
> This will make LFS, not just the Linux of choice, but also the most 
> secure... (LFS 9...11...) ;)

If this becomes a full-fledged book, then simply inserting links into
the LFS book would suffice. Just like it does with references to hints
and the BLFS book. Of course, if LFS wanted to go that route that would
be nice, but patching software can make developers not want to support
our modified versions. For instance, this thread started with suid
programs. I cannot reproduce this here as I use the openwall patch and a
user (including root) cannot create a link (hard or soft) to a file he
doesn't own.

-- 
Archaic

"...The Bill of Rights is a literal and absolute document. The First
Amendment doesn't say you have a right to speak out unless the
government has a 'compelling interest' in censoring the Internet. The
Second Amendment doesn't say you have the right to keep and bear arms
until some madman plants a bomb. The Fourth Amendment doesn't say you
have the right to be secure from search and seizure unless some FBI
agent thinks you fit the profile of a terrorist. The government has no
right to interfere with any of these freedoms under any circumstances."

- Harry Browne, 1996 USA presidential candidate, Libertarian Party

More information about the lfs-security mailing list