
List:       gentoo-dev
Subject:    Re: [gentoo-dev] Gentoo Embedded
From:       Spider <spider () gentoo ! org>
Date:       2003-10-30 2:19:55


begin  quote
On Thu, 30 Oct 2003 00:35:37 +0100
Vano D <gentoo-dev@europeansoftware.com> wrote:


> > Another alternative is to use a staging machine to build binaries,
> > then simply untar the .tbz2 files, instead of using portage to do
> > it. (evil solution actually ;)
> 
> > After that, some manual pruning should get the things in order.
> 
> Yeah really evil. I guess this is what some people do. But I would
> prefer to have portage do the stuff instead of getting worries that I
> might have forgotten to fix a file or something..

Yes, perhaps. But one thing that struck me is how build dependencies and
run dependencies are different, and one can fairly simply modify a
binary package to not include the things you don't want (or portage to
remove it before checksumming/merging). And therefore still have
portage do its stuff, but no... real portage.

Though, you still need python and the portage software, even if you
might not need the tree.  


> > Though, for a server you don't gain anything in security by removing
> > compilers and development tools. perhaps in complexity and size,
> > though.
> 
> Well. Regarding security that is a bit relative. You do gain in the
> sense that the cracker has one less tool/option at hand and hence you
> gain a little bit more of the higher ground against the attacker. The
> less options/possibilities the cracker has the harder (even if it's only
> a little bit) it gets to penetrate (although not impossible of
> course). 


Well, sense in this case is purely relative. Checking the honeypot
project and dissection competitions will give you a further sense on
what the crackers actually do. The interesting one was compiled against
a Slackware 2.0 system, and statically linked there (using gcc 2.7, I
think), to be imported and run on the victim machine. Just because that
makes for a smaller footprint on the actual payload.


> Also as you state it is nice to have a simple clean lean system with a
> small footprint.
Yeah, this would be interesting for installing Gentoo on that 240 Mb
drive ....  ;)

 
> I really don't know how valid my assumptions are, but I am willing to
> give it a shot to see what comes out of a de-Gentooizable Gentoo ;)


See it as this: at least you'll learn something. That means it's a pure
gain from my perspective. :)

//Spider

-- 
begin  .signature
This is a .signature virus! Please copy me into your .signature!
See Microsoft KB Article Q265230 for more information.
end
