how about formatguard in lfs-2.4.X ?

Joe Weidenbach weidenbach at web-weaver.net
Fri Jan 19 03:10:39 PST 2001


On Friday 19 January 2001 02:14, you wrote:
> : On Fri, 19 Jan 2001 11:06:14 +0100, Jan Stifter wrote:
> :
> >how can this be done, if e.g. /sbin/lilo is already
> >compiled against glibc
>
> I knew I got the name wrong.
>
>   http://www.bell-labs.com/org/11356/libsafe.html

The question--It looks to me as it libsafe is more of a program that watches 
the calls made.  I'd rather not have an extra program running--not to say it 
would affect my performance much (I'm running on a PII 400 with 256 Mb of 
memory, soon to be a T-bird 1.2GHz).  But I agree with Jan--since we're 
compiling anyways in the book, why not just use the formatguard.

All that aside, I don't know that this will contribute to a "base system".  
LFS as it comes out of the book is _not_ secure.  Heck, I can telnet into a 
base LFS system (not that I use telnet...I use ssh) as root if I want, 
without su-ing.  I think that things should remain as they are, but this 
might make for a good hint.  Since you folks know more about it, Maybe you 
should write one up.

I do, of course, leave this to Gerard to decide on.  Just my two cents worth.

SCDrumline

-- 
Unsubscribe: send email to lfs-discuss-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message




More information about the lfs-dev mailing list