| 1 |
begin quote |
| 2 |
On Thu, 30 Oct 2003 00:35:37 +0100 |
| 3 |
Vano D <gentoo-dev@××××××××××××××××.com> wrote: |
| 4 |
|
| 5 |
|
| 6 |
> > Another alternative is to use a staging machine to build binaries, |
| 7 |
> > then simply untar the .tbz2 files, instead of using portage to do |
| 8 |
> > it.(evil solution actually ;) |
| 9 |
> |
| 10 |
> > After that, some manual pruning should get the things in order. |
| 11 |
> |
| 12 |
> Yeah really evil. I guess this is what some people do. But I would |
| 13 |
> prefer to have portage do the stuff instead of getting worries that I |
| 14 |
> might have forgotten to fix a file or something.. |
| 15 |
|
| 16 |
Yes, perhaps. But one thing that struck me is how build dependencies and |
| 17 |
run dependencies are different, and one can fairly simply modify a |
| 18 |
binary package to not include the things you don't want (or portage to |
| 19 |
remove it before checksumming/merge-ing ) And therefore still have |
| 20 |
portage do its stuff, but no... real portage. |
| 21 |
|
| 22 |
Though, you still need python and the portage software, even if you |
| 23 |
might not need the tree. |
| 24 |
|
| 25 |
|
| 26 |
> > Though, for a server you don't gain anything in security by removing |
| 27 |
> > compilers and development tools. perhaps in complexity and size, |
| 28 |
> > though. |
| 29 |
> |
| 30 |
> Well. Regarding security that is a bit relative. You do gain in the |
| 31 |
> sense that the cracker has one less tool/option at hand and hence you |
| 32 |
> gain a little bit more of the higher ground against the attacker. The |
| 33 |
> less options/possibilites the cracker has the harder (even if its only |
| 34 |
> a little bit) it gets to penetrate (although not impossible of |
| 35 |
> course). |
| 36 |
|
| 37 |
|
| 38 |
well, sense in this case is purely relative. Checking the honeypot |
| 39 |
project and dissection competitions will give you a further sense on |
| 40 |
what the crackers actually do. The interesting one was compiled against |
| 41 |
a slackware 2.0 system , and statically linked there (using gcc 2.7 , I |
| 42 |
think ) To be imported and run on the victim machine.. Just because that |
| 43 |
makes for a smaller footprint on the actual payload. |
| 44 |
|
| 45 |
|
| 46 |
> Also as you state it is nice to have a simple clean lean system with a |
| 47 |
> small footprint. |
| 48 |
yeah, this would be interesting for installing Gentoo on that 240 Mb |
| 49 |
drive .... ;) |
| 50 |
|
| 51 |
|
| 52 |
> I really don't know how valid my assumptions are, but I am willing to |
| 53 |
> give it a shot to see what comes out of a de-Gentooizable Gentoo ;) |
| 54 |
|
| 55 |
|
| 56 |
See it as this: at least you'll learn something. That means its a pure |
| 57 |
gain from my perspective. :) |
| 58 |
|
| 59 |
//Spider |
| 60 |
|
| 61 |
-- |
| 62 |
begin .signature |
| 63 |
This is a .signature virus! Please copy me into your .signature! |
| 64 |
See Microsoft KB Article Q265230 for more information. |
| 65 |
end |
Archives