On Wed, 1 Nov 2000, Jeffry Smith wrote:
> Even better, TAKE IT OFF THE SYSTEM! Code that isn't on the system
> isn't a security risk (i.e. they can't somehow turn it on).
Nah... I agree in principle but if they've compromised the system and
gotten shell access, it's a simple matter to install via rpm or apt-get on
the vast majority of Linux systems. Not worth worrying about.
> Build a custom install with the kernel stripped to the absolute
> essential services. Even better, build into the kernel what you need,
> and turn off module support (so they can't do an insmod / modprobe to
> insert malicious code).
This I agree with wholeheartedly.
--
We sometimes catch a window, a glimpse of what's beyond
Was it just imagination stringing us along?
------------------------------------------------
Derek Martin | Unix/Linux geek
[EMAIL PROTECTED] | GnuPG Key ID: 81CFE75D
Retrieve my public key at http://pgp.mit.edu
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************