Re: [gentoo-dev] Secure Gentoo - What do you think?

[Joachim Blaabjerg <styx@SuxOS.org>]

On 08 Jan 2002 10:27:15 -0500
Grant Goodyear <goodyea@clemson.edu> wrote:
> 
> Gads, I hope not!  If you do need to modify all of the ebuilds, then we
> haven't done our jobs very well.  

There are a few problems that hopefully can be avoided easily, such as post
installation routines. I was planning on using a modularized script to update
the LIDS ACLs, and letting every new program add ACLs for itself in one
directory (one file for each program) upon installation. The problem (if one can
call it that) is that I've recently decided to make a deny-all type of LIDS
configuration, so every program that intends to do anything in particular will
need specialized LIDS ACLs... So unless there is a special way of doing this, I
think I'll have to modify a couple of .ebuild files... :-/ Luckily, I don't
intend to include all the programs you guys have made .ebuild files for, such as
X, Gnome, KDE, and other applications that are strictly unneccessary (and maybe
even a security risk) on a dedicated server.

> As for where to start, I assume you've installed Gentoo once or twice to get a
> good feel for how it works? 

Hopefully, I'll get an ADSL connection tomorrow (after waiting for a couple of
years...), so I can install Gentoo for the first time. I downloaded the .iso,
but downloading tens or hundreds of megabytes of source isn't really feasible
when you're connected to the 'net with a 56k modem ;)

> Then I would start on building a minimal SuxOS system.  You'll
> presumably need to modify the bootstrap.sh script to compile glibc
> with formatguard, create a SuxOS kernel ebuild that includes all of the
> necessary patches, and make a /usr/portage/profiles/SuxOS/packages file
> tailored to SuxOS needs.  Come play on #gentoo on irc.openprojects.net;
> we'll be happy to help!

#gentoo, here I come! ;)

BTW, have you guys got any ideas for a name?

Regards

-- 
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org