On Mon, May 03, 2004 at 11:54:10PM +0300, Shachar Shemesh wrote:
> Tzafrir Cohen wrote:
>
> >On Mon, May 03, 2004 at 03:18:10PM +0300, Diego Iastrubni wrote:
> >
> >>On Sunday, 2 May 2004, 23:18, Tzafrir Cohen wrote:
> >>I can only think about these issues:
> >>- Don't install a compiler on that box
> >>
> >
> >And when we need to build a custom package (the kernel comes to mind):
> >what build machine should be used?
> >
> Actually, I find building a custom kernel to be impractical on
> production machines, but never mind.

Unless the hardware is not supported in the default kernel.

>
> Beak is already configured that way. When I need to build something, I
> use a VMWare machine at home which is configured similarly to beak, but
> less hardened. I then transfer the compiled debs to beak, and install
> them there.

So what should happen if someone is ever to replace you as the admin of
Beak? iglu's "active admin" seems a less regular job.

Anyway, it is possible to later add/remove development packages (remove:
e.g. with deborphan), so it's possible to revert this decision.

Frankly I don't see much point in such a decision: perl is already
available to do practically anything you can do in C. The attacker can
compile the code later. And a C compiler really isn't that big (try tcc).
There is an obvious price to pay in maintenance convenience.

> >No. If all goes well, /storage remains unharmed, as well as /home and
> >/iglu .
> >
> Yes, but things often don't go well.

Can I back up some stuff to beak? How much?

>
> Do you want me to install a setup similar to beak on iglu? CHROOT apache
> and all?

Sounds good. Why not?

And in another message Shachar Shemesh wrote:

> >Can anybody from here be available to answer my questions on those two
> >subjects (and preferably some hand-holding with qmail).
> If you get woody connected behind a reasonable firewall, I can do the
> rest from home. Would that be ok with you?

Yes, this would be great.

-- 
Tzafrir Cohen                       +---------------------------+
http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend|
mailto:[EMAIL PROTECTED]            +---------------------------+
