How about the ability to install a gentoo system on a 20MB partition?
The ability to make a profile not containing gcc, glibc and portage would
be nice.

-John

Brian Harring wrote:
>
> On Monday, September 1, 2003, at 02:04 AM, Steven Elling wrote:
>
>> On Sunday 31 August 2003 13:14, John Nilsson wrote:
>>
>>> Some requirement thoughts:
>>> A network of gentoo hosts should have only one portage processing server
>>> and any number of installation leafs.
>>>
>>> First of all portage needs to easily handle more than one installation.
>>> Second the "leaf-installations" should have very strict minimum
>>> requirements.
>>> Third redundancy is probably important. The information to restore a
>>> lost "leaf" should be available on both the portage host and on the
>>> leaf itself.
>>
>> I think this is something sorely needed. I'm reading some books on securing
>> Linux servers and on a bastion host (or any host in a DMZ for that matter)
>> there should not be a compiler or any include files. The reason why is if
>> the system were compromised it would limit the cracker from compiling and
>> installing a root kit.
>
> It would limit them to having to install a root kit, or install a
> compiler (and needed headers). Kind of pointless though, since if
> they've managed to elevate their rights to the level of installing a
> root kit, lack of a compiler is merely an annoyance to them at that point.
> Maybe I'm missing something, but this strikes me as nothing more than an
> annoyance to someone after they've *already* cracked the box. To me
> it's like littering tacks throughout your house, hoping to slow down the
> robber who has already broken into your house - yeah, it'll likely slow
> him down, but it also makes things a pain in the arse for the home
> owner...
> Of course, as I said, perhaps I'm missing something...
>
>> As it stands right now, a Gentoo based system
>> requires gcc, includes, and all their friends to operate and be manageable
>> (Note: Gentoo alone does not have this problem. RedHat, Debian, and every
>> kitchen sink distro does the same).
>>
>> I like Gentoo, but it is not a viable option to the security conscious and
>> enterprises because it does not support such a feature in addition to
>> central package management.
>
> I'd agree on the central package management aspect - the ability to
> control and push updates out (after securing the method/control channels
> in some manner) would be quite nice. Nonetheless, I'd tend to think
> (opinion of course) gentoo is quite fine from a security standpoint.
> Your reasons for it not being viable?
>
>> Gentoo is not alone however.
>>
>> For reference, the book I am reading is "Building Secure Servers with Linux"
>> (ISBN: 0-596-00217-3). The book is written by Michael D. Bauer and
>> published by O'Reilly.
>
> I'll probably end up taking a look at it (got to love safari), specific
> chapter that this is suggested in?
> ~bdh
>
>>
>> --
>> gentoo-dev@g.o mailing list