| 1 |
schism@×××××××××.org wrote: |
| 2 |
> On Mon, Feb 01, 2010 at 01:35:10PM +0100, Hinnerk van Bruinehsen wrote: |
| 3 |
> |
| 4 |
>> But there is one thing which disturbs me: Since Gentoo (and hardened |
| 5 |
>> Gentoo) is sourcebased, i'll need a complete toolchain to keep the |
| 6 |
>> system up to date. |
| 7 |
>> |
| 8 |
>> I don't like the idea of giving this tools to someone who might |
| 9 |
>> compromise the server. |
| 10 |
>> |
| 11 |
> |
| 12 |
> Removing the toolchain is an old, common misconception whose originator |
| 13 |
> I would love to meet and slap some sense into. |
| 14 |
> |
| 15 |
In fact, this itself is the answer to what to do if you want to remove |
| 16 |
the toolchain. If you have several similar machines, you could use one |
| 17 |
to compile and build the .tbz2 packages for updates to deploy to those |
| 18 |
machines that do not have a toolchain. |
| 19 |
|
| 20 |
Having said that, I agree that removing the toolchain is weak defense |
| 21 |
and you should use rbac. |
| 22 |
|
| 23 |
-- |
| 24 |
|
| 25 |
Anthony G. Basile, Ph.D. |
| 26 |
Chair of Information Technology |
| 27 |
D'Youville College |
| 28 |
Buffalo, NY 14201 |
| 29 |
USA |
| 30 |
|
| 31 |
(716) 829-8197 |
Archives