| 1 |
How about the ability to install a gentoo system on a 20MB partition? |
| 2 |
The ability make a profile not containing gcc, glibc and portage would |
| 3 |
be nice. |
| 4 |
|
| 5 |
-John |
| 6 |
|
| 7 |
|
| 8 |
Brian Harring wrote: |
| 9 |
> |
| 10 |
> On Monday, September 1, 2003, at 02:04 AM, Steven Elling wrote: |
| 11 |
> |
| 12 |
>> On Sunday 31 August 2003 13:14, John Nilsson wrote: |
| 13 |
>> |
| 14 |
>>> Some requirement thoughts: |
| 15 |
>>> A network of gentoo hosts should have only one portage processing server |
| 16 |
>>> and any number of installation leafs. |
| 17 |
>>> |
| 18 |
>>> First of all portage needs to easily handle more than one installation. |
| 19 |
>>> Second the "leaf-installations" should have a very strict minimum |
| 20 |
>>> requiremnts. |
| 21 |
>>> Third redundancy is probably important. The information to restore a |
| 22 |
>>> lost "leaf" should be availible on booth the portage host and on the |
| 23 |
>>> leaf it self. |
| 24 |
>> |
| 25 |
>> |
| 26 |
>> I think this is something sorely needed. I'm reading some books on |
| 27 |
>> securing |
| 28 |
>> Linux servers and on a bastion host (or any host in a DMZ for that |
| 29 |
>> matter) |
| 30 |
>> there should not be a compiler or any include files. The reason why |
| 31 |
>> is if |
| 32 |
>> the system were compromised it would limit the cracker from compiling and |
| 33 |
>> installing a root kit. |
| 34 |
> |
| 35 |
> It would limit them to having to install a root kit, or install a |
| 36 |
> compiler (and needed headers). Kind of pointless though, since if |
| 37 |
> they've managed to elevate their rights to the level of installing a |
| 38 |
> root kit, lack of a compiler is merely an annoyance to them at that point. |
| 39 |
> Maybe I'm missing something, but this strikes me as nothing more then an |
| 40 |
> annoyance to someone after they've *already* cracked the box. To me |
| 41 |
> it's like littering tacks throughout your house, hoping to slow down the |
| 42 |
> robber who has already broke into your house- yeah, it'll likely slow |
| 43 |
> him down, but it's also a makes things a pain in the arse for the home |
| 44 |
> owner... |
| 45 |
> Of course, as I said, perhaps I'm missing something... |
| 46 |
> |
| 47 |
>> As it stands right now, a Gentoo based system |
| 48 |
>> requires gcc, includes, and all their friends to operate and be managable |
| 49 |
>> (Note: Gentoo alone does not have this problem. RedHat, Debian, and every |
| 50 |
>> kitchen sink distro does the same). |
| 51 |
>> |
| 52 |
>> I like Gentoo, but it is not a viable option to the security concious and |
| 53 |
>> enterprises because it does not support such a feature in addition to |
| 54 |
>> central package management. |
| 55 |
> |
| 56 |
> I'd agree on the central package management aspect- the ability to |
| 57 |
> control and push updates out (after securing the method/control channels |
| 58 |
> in some manner) would be quite nice. None the less, I'd tend to think |
| 59 |
> (opinion of course) gentoo is quite fine from a security standpoint. |
| 60 |
> You're reasons for it not being viable? |
| 61 |
> |
| 62 |
>> Gentoo is no alone however. |
| 63 |
>> |
| 64 |
>> For reference, the book I am reading is "Building Secure Servers with |
| 65 |
>> Linux" |
| 66 |
>> (ISBN: 0-596-00217-3). The book is written by Michael D. Bauer and |
| 67 |
>> published by O'Reilly. |
| 68 |
> |
| 69 |
> I'll probably end up taking a look at it (got to love safari), specific |
| 70 |
> chapter that this is suggested in? |
| 71 |
> ~bdh |
| 72 |
> |
| 73 |
>> |
| 74 |
>> |
| 75 |
>> -- |
| 76 |
>> gentoo-dev@g.o mailing list |
| 77 |
>> |
| 78 |
> |
| 79 |
> |
| 80 |
> -- |
| 81 |
> gentoo-dev@g.o mailing list |
| 82 |
> |
| 83 |
|
| 84 |
|
| 85 |
|
| 86 |
-- |
| 87 |
gentoo-dev@g.o mailing list |
Archives