schism@×××××××××.org wrote:
> On Mon, Feb 01, 2010 at 01:35:10PM +0100, Hinnerk van Bruinehsen wrote:
>
>> But there is one thing which disturbs me: Since Gentoo (and hardened
>> Gentoo) is source-based, I'll need a complete toolchain to keep the
>> system up to date.
>>
>> I don't like the idea of giving these tools to someone who might
>> compromise the server.
>>
>
> Removing the toolchain is an old, common misconception whose originator
> I would love to meet and slap some sense into.
>
In fact, this itself is the answer to what to do if you want to remove
the toolchain. If you have several similar machines, you could use one
to compile and build the .tbz2 packages for updates to deploy to those
machines that do not have a toolchain.

Having said that, I agree that removing the toolchain is a weak defense
and you should use RBAC.

--

Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA

(716) 829-8197