On Sunday 16 February 2003 05:47 pm, Simon Blake wrote: > What I was asking was what real,tangible benefit write protecting the > boot media gives you, and is that benefit worth anything against the > extra hassle of having a write protected boot media.
OK, the assumption here is that the box actually gets compromised with write access. Not a big deal on a 2 interface SOHO implementation, but a large PITA if your running >4 interfaces and a lot of userspace programs and getting paid to fix it. There are LEAF boxes out there using ~20 interfaces. WriteProtection gives you something to compare to, and a base to change to eliminate the hole when it is found. You can wipe out a back door and buy atleast a little time to update your image with a reboot. Writeprotection is not an ultimate security implementation, rather it is an optional tool that is available for those who want it. The LEAF developers tend to try to stay with a floppy image to hone our development skills, this is not mandatory as reflected by what the mailing-list archives show. In fact, IDE has been available since Eiger. What is the difference between a minimal Debain/Slackware install and a full LEAF install? If running on IDE and having the maximum amount of available packages is more important than the core of security options we've decided on, I don't feel you would even be posting to this list. Always remember, your idea of a 'secure system' does not necessarily relect anyone elses opinion. We try to provide what options we feel are desired and/or needed. If the floppy disk does not work as a target media for you, don't use it.... nobody here will really care. There has been glibc-2.2.x IDE images available for atleast a year, are you using one? If not, why? I'm afraid that developing for IDE only will allow many of us to become lazy in developing small-footprint applications. Fortunately I can say that this is not the case right now. Since I last added a new ipsec tunnel on my personal home Dachstein box: firewall: -root- # uptime 06:16:29 up 88 Days (2122h), load average: 0.00 0.00 0.00 I had uptime over 6 months with my old Eigerstein floppy box until a power failure. -- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
