Okay gang, got the FTP security patch from the Netfilter boys and applied
it. Kernel is compiled and I'm about to tar and gzip it. I also took the
opportunity to go weeding.

The final result is as follows:

1. Kernel is no longer able to mount filesystem images on the loopback
   device.
2. There is no longer a PCI Device Database, so PCI devices are listed in
   /proc/pci by card ID.
3. The Network Block Device was removed, as I couldn't really see a need
   for it on a secure system.
4. Modularized serial support.

Some of these are a little questionable in my own mind, to be honest, so
I'd like some feedback from people on whether or not the tradeoff is
acceptable. However, the final results are impressive. Here's the previous
Standard and UPX-Compressed 2.4.3 kernels:

-rw-r--r--   1 wolfstar root         552k Apr 11 03:45 kernel.standard
-rw-r--r--   1 wolfstar root         481k Apr 11 03:46 kernel.upx

Here's the current one:

-rw-r--r--   1 wolfstar root         474k Apr 20 02:38 kernel.standard
-rw-r--r--   1 wolfstar root         411k Apr 20 02:39 kernel.upx

So we're looking at about 70-75k of space savings, and that's TRULY
spectacular. I might go back in and try putting back the Serial support
and see how that affects kernel size, but this is a LOT of space saving.

On another note, I was also going to add the ipchains and ipfwadm
compatibility modules, but I discovered that that would require building
the default conntrack module and the iptables module AS modules, instead
of built in.

--
George Metz
Commercial Routing Engineer
[EMAIL PROTECTED]

"We know what deterrence was with 'mutually assured destruction' during
the Cold War. But what is deterrence in information warfare?" -- Brigadier
General Douglas Richardson, USAF, Commander - Space Warfare Center


_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
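A small POSIX sh audit of a 2.4-series .config against the four trimming choices and the ipchains/ipfwadm constraint described in the message above. This is an added example, not code from the post or the LEAF project; the CONFIG_ names are the stock 2.4 option symbols, while the audit rules and both sample configs are constructed here for illustration.

```shell
# Added example (not from the post): audit a 2.4-series kernel .config
# against the trimming choices described above.  Option names are the
# stock 2.4 symbols; rules and sample configs are constructed for this example.

# cfg_value FILE OPTION -> prints "y", "m", or nothing if unset/absent
cfg_value() {
    sed -n "s/^$2=\(.\)$/\1/p" "$1" | head -n 1
}

# audit_config FILE -> one "FINDING: ..." line per deviation from the post
audit_config() {
    f=$1
    for opt in CONFIG_BLK_DEV_LOOP CONFIG_BLK_DEV_NBD CONFIG_PCI_NAMES; do
        v=$(cfg_value "$f" "$opt")
        if [ -n "$v" ]; then echo "FINDING: $opt=$v (post drops this feature)"; fi
    done
    if [ "$(cfg_value "$f" CONFIG_SERIAL)" = y ]; then
        echo "FINDING: CONFIG_SERIAL=y (post builds serial support as a module)"
    fi
    # ipchains/ipfwadm compat needs conntrack and iptables built as modules
    compat=$(cfg_value "$f" CONFIG_IP_NF_COMPAT_IPCHAINS)$(cfg_value "$f" CONFIG_IP_NF_COMPAT_IPFWADM)
    if [ -n "$compat" ]; then
        for dep in CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES; do
            if [ "$(cfg_value "$f" "$dep")" = y ]; then
                echo "FINDING: $dep=y, but the compat modules need it built as =m"
            fi
        done
    fi
}

# count_findings FILE -> number of findings (0 means it matches the post)
count_findings() {
    audit_config "$1" | wc -l | tr -d ' '
}

# Constructed sample: loopback kept, serial built in, and built-in
# conntrack next to the ipchains compatibility module.
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_BLK_DEV_LOOP=y
# CONFIG_BLK_DEV_NBD is not set
# CONFIG_PCI_NAMES is not set
CONFIG_SERIAL=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_COMPAT_IPCHAINS=m
EOF
# Constructed sample: the trimmed layout; absent options count as unset.
TRIMMED_CONFIG=$(mktemp)
printf 'CONFIG_SERIAL=m\nCONFIG_IP_NF_CONNTRACK=y\n' > "$TRIMMED_CONFIG"
audit_config "$SAMPLE_CONFIG"   # prints three FINDING lines
```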