begin quote
On Thu, 30 Oct 2003 00:35:37 +0100
Vano D <gentoo-dev@××××××××××××××××.com> wrote:

> > Another alternative is to use a staging machine to build binaries,
> > then simply untar the .tbz2 files, instead of using portage to do
> > it. (evil solution actually ;)
>
> > After that, some manual pruning should get the things in order.
>
> Yeah really evil. I guess this is what some people do. But I would
> prefer to have portage do the stuff instead of getting worries that I
> might have forgotten to fix a file or something..

Yes, perhaps. But one thing that struck me is how build dependencies and
run dependencies are different, and one can fairly simply modify a
binary package to not include the things you don't want (or portage to
remove it before checksumming/merge-ing). And therefore still have
portage do its stuff, but no... real portage.

Though, you still need python and the portage software, even if you
might not need the tree.

> > Though, for a server you don't gain anything in security by removing
> > compilers and development tools. perhaps in complexity and size,
> > though.
>
> Well. Regarding security that is a bit relative. You do gain in the
> sense that the cracker has one less tool/option at hand and hence you
> gain a little bit more of the higher ground against the attacker. The
> less options/possibilities the cracker has the harder (even if it's only
> a little bit) it gets to penetrate (although not impossible of
> course).

Well, sense in this case is purely relative. Checking the honeypot
project and dissection competitions will give you a further sense on
what the crackers actually do. The interesting one was compiled against
a slackware 2.0 system, and statically linked there (using gcc 2.7, I
think), to be imported and run on the victim machine. Just because that
makes for a smaller footprint on the actual payload.

> Also as you state it is nice to have a simple clean lean system with a
> small footprint.
yeah, this would be interesting for installing Gentoo on that 240 Mb
drive .... ;)

> I really don't know how valid my assumptions are, but I am willing to
> give it a shot to see what comes out of a de-Gentooizable Gentoo ;)

See it as this: at least you'll learn something. That means it's a pure
gain from my perspective. :)

//Spider

--
begin .signature
This is a .signature virus! Please copy me into your .signature!
See Microsoft KB Article Q265230 for more information.
end