To: linux-kernel@vger.kernel.org
Path: forge.intermeta.de!not-for-mail
From: "Henning P. Schmiedehausen" <hps@intermeta.de>
Newsgroups: hometree.linux.kernel
Subject: Re: One for the Security Guru's
Date: Thu, 24 Oct 2002 09:47:38 +0000 (UTC)
Organization: INTERMETA - Gesellschaft fuer Mehrwertdienste mbH
Message-ID: <ap8fjq$8ia$1@forge.intermeta.de>
References: <20021023130251.GF25422@rdlg.net> <1035411315.5377.8.camel@god.stev.org>
Reply-To: hps@intermeta.de
NNTP-Posting-Host: forge.intermeta.de
NNTP-Posting-Date: Thu, 24 Oct 2002 09:47:38 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1323
Lines: 30

James Stevenson <james@stev.org> writes:

>can read / write disks. Thus you could recompile your own kernel

Don't put a compiler on the box.

The point is not, to make it impossible to root your box. The point 
is, to make it a) hard(er) and b) time intensive. 

a) keeps out the kiddies with the r00t hAx0r kits 
b) gives a security aware staff (or an IDS or a security watcher) 
   a reaction window.

One of the most sucking decisions of mainstream distributions is that
they offer to install a development kit on server installs. It seems
that people working @ linux vendors either have no clue or simply
don't understand the needs of their customers.

Sheesh, some even install a full desktop with "[gnome|kde]-games" on a
server. What is this? Microsoft Windows <insert your poison here>" ?

	Regards
		Henning

-- 
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen       -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH     hps@intermeta.de

Am Schwabachgrund 22  Fon.: 09131 / 50654-0   info@intermeta.de
D-91054 Buckenhof     Fax.: 09131 / 50654-20   
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/