> > > Wrong, again. One of the Generic Security Policies, amongst many:
> > *Exclude all parts of the OS that are not required. And so, says it all.

but why stop at the kernel? why not build your own glibc with NSS turned off? who needs name service switch on a firewall, who needs bash tab completion on a firewall... etc..

you are lulling yourself and your customers (more scary) into thinking that by you compiling a kernel you are making their system more secure whereas in fact you may be making their system less secure by not allowing them to install vendor supplied security updates... this is the fact that you're missing, and which you don't seem to want to get, .. it's not so bad for you but I would feel bad for anyone who you push this advice on...

does anyone recompile cisco pix? or Solaris kernels? do they have worse security? (well cisco pix is probably a crappy example ;-), say IOS instead)

Dave.

--
David Airlie, Software Engineer
http://www.skynet.ie/~airlied / airlied at skynet.ie
pam_smb / Linux DECstation / Linux VAX / ILUG person

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html