Re: One for the Security Guru's

From: Henning P. Schmiedehausen (hps@intermeta.de)
Date: Thu Oct 24 2002 - 04:47:38 EST


James Stevenson <james@stev.org> writes:

>can read / write disks. Thus you could recompile your own kernel

Don't put a compiler on the box.

The point is not, to make it impossible to root your box. The point
is, to make it a) hard(er) and b) time intensive.

a) keeps out the kiddies with the r00t hAx0r kits
b) gives a security aware staff (or an IDS or a security watcher)
   a reaction window.

One of the most sucking decisions of mainstream distributions is that
they offer to install a development kit on server installs. It seems
that people working @ linux vendors either have no clue or simply
don't understand the needs of their customers.

Sheesh, some even install a full desktop with "[gnome|kde]-games" on a
server. What is this? Microsoft Windows <insert your poison here>" ?

        Regards
                Henning

-- 
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen       -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH     hps@intermeta.de

Am Schwabachgrund 22 Fon.: 09131 / 50654-0 info@intermeta.de D-91054 Buckenhof Fax.: 09131 / 50654-20 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:22 EST