On Saturday 14 May 2005 16:18, Omer Zak wrote:
> On Sat, 14 May 2005, Shlomi Fish wrote:
> > On Saturday 14 May 2005 13:05, Tzafrir Cohen wrote:
> > > You can install a debian build environment in a chroot jail of an
> > > existing system. It seems that the current policy is not to hold the
> > > build environment on Eskimo.
> >
> > Hmmm... I think that not having a build environment is a bit overrated as
> > a security measure. A prospective intruder can always install binaries he
> > cross-compiled (or just compiled) on his own machine. But not having a
> > build environment (not even make, which is practically harmless) causes a
> > lot of frustration and problems to the users there. I call this "Security
> > by Hurdles", which is a good measure, but sometimes you need to say
> > "Enough is enough".
>
> I thought that all successful security mechanisms work by being "security
> by hurdles", such as sentries at entrance to sensitive locations, having
> to enter a password when logging in, using lock&key to secure doors, etc.

Wrong. As is known from cryptography, a prospective attacker must be able to know
everything about the system, except your secret passwords.

>
> This said, I add my vote against having a build environment in the server.
> It is so much easier to install Trojan software when it is not necessary
> to figure out the exact version of libraries, kernel, or even the machine
> language of the computer in question.
>
> We do need a volunteer to maintain a clone of the server machine - with
> exactly the same versions of build tools, Perl interpreter, libraries,
> etc.  The clone will be used for building any software needed for the real
> server.
>
> This will make it possible to configure the server (and its clone) in such
> a non-standard way that will foil practically all attempts to install and
> activate rogue software on the server.

-1. I absolutely refuse to put libraries in /HelloMyLibs/, binaries
in /opt/__Debian-F**k/bin, etc. I support putting things where we used to.
Ori Idan had told me about what Shachar did to beak. It's a system full of
scripts, a chroot-jail and a Debian Woody that isn't quite Debian. They'd
like to re-install it. I'm not going there. Eskimo's configuration will
remain pretty much standard.

I should also note that Perl is installed on eskimo, and if you hack into 
eskimo, there's no problem doing anything you please with Perl. You don't 
need gcc or anything. /me should write a C compiler in Perl one day.

Regards,

        Shlomi Fish

---------------------------------------------------------------------
Shlomi Fish      [EMAIL PROTECTED]
Homepage:        http://www.shlomifish.org/

Tcl is LISP on drugs. Using strings instead of S-expressions for closures
is Evil with one of those gigantic E's you can find at the beginning of 
paragraphs.
