- To: Jeff Waugh <jdub@xxxxxxxxxxxxxx>
- Subject: Re: [SLUG] Building kernels [Was: Maybe trying out gentoo again]
- From: O Plameras <oscarp@xxxxxxxxxxx>
- Date: Wed, 03 Nov 2004 20:36:18 +1100
- Cc: slug@xxxxxxxxxxx
- User-agent: Mozilla Thunderbird 0.8 (X11/20040913)
Jeff Waugh wrote:

> <quote who="O Plameras">
> > Yes, it is.
>
> Oscar, quite seriously, the concept of "building a kernel" has absolutely
> nothing to do with security. Someone has been telling you tall stories.
Jeff, security I take seriously. I want to be satisfied that there is
nothing in the source codes that compromises. I also want to have a third,
fourth, etc. party for the record to audit the process (or business
process). It is my process to put everything in writing, not just my word
or someone's words, and then someone can take his or my word for it. As we
all know, in computer security everyone is distrusted except those that one
expressly trusts. And this is made operational in computer processes by
means of filters, that is, everything is disallowed except those things
that one has expressly allowed.

The other side is you trust everyone except those that you have expressly
identified as not trustworthy. This is not how computer security works.
The computer security I follow is: I trust only those I expressly trust and
do not trust everyone else.

I do not trust the source codes as a matter of procedure until I have
confirmed that they are trustworthy. This is not me, but it is logical,
practical, and is the practice.
> Your distribution, one would hope, supplies a fully security-supported,
> stress-tested kernel, which they'll update when there are vulnerabilities.
> If you build your own kernel, you have to manage that process on your own,
> which is a *very* significant undertaking.
Allow only those that you trust is the rule; and do not trust everyone.
This is one of the rules in computer security. So, how can you be sure that
your system is secure if you have not verified or audited that it is secure?
> Building your own kernel makes it *harder* for you to sustainably secure
> your server. It is *not* "required".
>
> If you seriously believe this to be true, you might want to reply with more
> rationale and detail than "yes, it is", so we can find out where you've gone
> wrong. :-)
I've been doing this for over 35 years; I do not find it hard or difficult
as you like to portray.