qrux.qed at gmail.com
Sat Mar 3 10:11:55 PST 2012
On Mar 3, 2012, at 8:57 AM, Ken Moffat wrote:
> you understand the security risks, then don't let me stop you.
I appreciate the clarification of what you mean when you say "production." I sort of assume that that's always the case: "Your computers are only as secure as the competence of the people who write the software you use."
The security issues with production have been mentioned several times. I've sort of just assumed it was a friendly "caveat emptor", and filtered it out. But it's now come up often enough that it seems to be implying something stronger than the assumption above. In fact, it all but suggests: "There are some serious security issues with LFS."
Is this actually the case? If so, is there any sort of errata-like page that lists the known vulnerabilities? Perhaps this is naive, but AFAICT, a pure LFS system has no network vulnerabilities since it only brings up an interface and gives it an IP address but runs no daemons (other than syslog, which I suppose could be abused, but I didn't think it was being run in allow-other-machine-to-log-to-me mode). It would seem that the network security exposure would be limited to the Ethernet layer, and it would have to be compromised to the point where simply reading malicious traffic on the local segment would somehow allow an attacker access. That seems really unlikely to me.
Assuming that's not the case... Are you referring to BLFS? More specifically, are there issues you're aware of that aren't covered by the usual umbrella of the "if-you-screw-up-your-config-you-make-your-system-insecure" disclaimer? Meaning, if one were to follow the same "best practices" you might use on a Ken-approved production distro, does LFS have vulnerabilities in addition to whatever exposure exists simply from running that daemon?
If it's not a network thing, is the concern about legitimate users who can gain privileges because LFS tends to use packages "straight from the tarball" (i.e., without security patches)? Or is the concern about LFS's somewhat "vanilla" configuration files, which might not be hardened? Or are you comparing LFS to something like a hardened SELinux? The concern seems strong... What exactly is the context of these concerns? I'd hate to be wandering into shark-infested waters based on tacit assumptions that LFS was about as secure as anything else, when used and configured in similar ways.