SLUG Mailing List Archives
Re: [SLUG] Building kernels [Was: Maybe trying out gentoo again]
- To: Jeff Waugh <jdub@xxxxxxxxxxxxxx>
- Subject: Re: [SLUG] Building kernels [Was: Maybe trying out gentoo again]
- From: O Plameras <oscarp@xxxxxxxxxxx>
- Date: Wed, 03 Nov 2004 20:36:18 +1100
- Cc: slug@xxxxxxxxxxx
- User-agent: Mozilla Thunderbird 0.8 (X11/20040913)
Jeff Waugh wrote:
Jeff, security I take seriously. I want to be satisfied that there is
nothing in the
source codes that compromises. I also want to have a third, fourth, etc
for the record to audit the process (or business process). It is my
<quote who="O Plameras">
Yes, it is.
Oscar, quite seriously, the concept of "building a kernel" has absolutely
nothing to do with security. Someone has been telling you tall stories.
put everything in writing, not just my word or someones words, and then
someone can take his or my word for it. As we all know, in computer
security everyone is distrusted except those that one expressly trust. And
this is made operational in computer process by means of filters, that is,
everything is disallowed except those that one has expressly allowed.
The other side is you trust everyone except those that you have expressly
identitfied as not trustworthy. This is not how computer security works.
Computer security I follow is I trust only those I expressly trust and
do not trust everyone else.
I do not trust the Source Codes as a matter of procedure until I confirmed
that it is trustworthy. This is not me but it is logical, practical, and
Allow only those that you trust is the rule; and Do Not trust everyone.
This is one
of the rules in computer security. So, how can you be sure that your
Your distribution, one would hope, supplies a fully security-supported,
stress-tested kernel, which they'll update when there are vulnerabilities.
If you build your own kernel, you have to manage that process on your own,
which is a *very* significant undertaking.
secure if you have not verified or audited that it is secure.
I've doing this for over 35 years, I do not find it hard or difficult as
you like to portray.
Building your own kernel makes it *harder* for you to sustainably secure
your server. It is *not* "required".
If you seriously believe this to be true, you might want to reply with more
rationale and detail than "yes, it is", so we can find out where you've gone