Re: Debian Installation experience
On Tue, 8 Jul 1997 stick@richnet.net wrote:
> > * All filesystems are read-only.
> Even /home? How are these people going to create any data if all filesystems
> are read-only? Certainly, they have to have write access to some portion of
> the system. Yes? If they do have write access anywhere on the system then
> they can create executables.
/var is read-write, but noexec.
> > * (Re)mounting is disabled.
> > * immutable-append-only are enforced by the kernel (i.e. you can't chmod
> > them away).
> Does this mean that you have to boot to a different kernel to do software
> upgrades?
Yes.
> > * /var is _not_ read-only, but noexec, nodev.
> > * all directories in /var are immutable - log-files are append-only.
> How are you going to rotate your log files? They are going to get pretty
> large. Are you going to take the system down to some maintenance run-level
> every day or so in order to do your house-keeping?
Kernel support.
> > * No compiler, no advanced scripting languages available, no debugger, no
> > dynamically linked executables.
> When you say "no advanced scripting languages" are you including bash, tcsh
> and zsh?
No.
> Shared libraries are a good thing. The system is going to require much more
> memory to run if all executables are statically linked. And then when a new
> library is made available, you're going to have to recompile all of your
> executables. This doesn't sound desirable to me.
You're absolutely right, better to use a stripped-down dynamic linker. My
point was that you shouldn't be able to use an LD_PRELOAD-type attack to
get something to execute out of /var.
> Which Linux distribution do you currently base your system on?
None.
> OK, but that still leaves "sh myprog.sh".
Yes.
> The base Debian doesn't have "a dozen languages" on it. I thought we were
> talking about needing Perl on a base Debian system? Perl is one language.
> Java support is truly optional.
Yes, we're only talking about Perl.
> By "specialized" distributions, do you mean like the Linux Router Project
> and other embedded systems? It seems to me that one could install the base
> system and then remove the few packages that are not desired. Once that's
> done, you've got the "specialized" distribution. Yes?
Yes. But dpkg depends on Perl for its backends, so you'll be crippled. An
important advantage Debian has over other distributions is the
package system.
astor
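The mount policy astor describes (every filesystem read-only except /var, which is read-write but noexec and nodev) is easy to state and easy to drift from after an upgrade. The following POSIX shell script is an added example, not code from the thread or from Debian: it audits a /proc/mounts-style listing against that policy and reports each violation. The sample listing and the device names in it are constructed; the function and variable names are the example's own.

```sh
#!/bin/sh
# Added example (not from the original thread): audit mount options in the
# /proc/mounts format against the policy described in the message:
# every filesystem read-only, except /var which must be rw but noexec,nodev.
# The sample below is constructed so the script runs offline; to audit a
# real host call:  check_policy "$(cat /proc/mounts)"
# /proc/mounts escapes spaces in mount points as \040, so splitting the
# lines on whitespace is safe.

# Constructed sample with two deliberate violations:
#   /var is missing nodev, and /home is mounted read-write.
SAMPLE_MOUNTS='/dev/hda1 / ext2 ro 0 0
/dev/hda2 /var ext2 rw,noexec 0 0
/dev/hda3 /home ext2 rw 0 0
proc /proc proc rw 0 0'

# mount_opts MOUNTS MOUNTPOINT -> prints the comma-separated option list
# of the given mount point (empty if it is not mounted)
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }'
}

# mount_has_opt MOUNTS MOUNTPOINT OPTION -> exit 0 if OPTION is set there,
# 1 if it is absent or the mount point is unknown
mount_has_opt() {
    opts=$(mount_opts "$1" "$2")
    [ -n "$opts" ] || return 1
    # Wrap in commas so "ro" cannot match inside e.g. "errors=remount-ro"
    case ",$opts," in
        *",$3,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_policy MOUNTS -> prints one line per violation and returns the
# number of violations as its exit status (0 means the host complies)
check_policy() {
    violations=0
    # Skip the proc pseudo-filesystem; it is neither data nor code storage.
    for mp in $(printf '%s\n' "$1" | awk '$3 != "proc" { print $2 }'); do
        if [ "$mp" = /var ]; then
            for want in rw noexec nodev; do
                if ! mount_has_opt "$1" "$mp" "$want"; then
                    echo "$mp: missing $want"
                    violations=$((violations + 1))
                fi
            done
        elif ! mount_has_opt "$1" "$mp" ro; then
            echo "$mp: not read-only"
            violations=$((violations + 1))
        fi
    done
    return "$violations"
}

# Stand-alone run over the constructed sample: prints the two violations
check_policy "$SAMPLE_MOUNTS" || echo "violations: $?"
```

The check only covers mount options; the immutable and append-only attributes from the same message are file attributes, not mount options, and need a separate pass over lsattr output. Note also that noexec on /var blocks direct execution only; as the thread itself points out, `sh myprog.sh` still works, so the mount option is one layer, not the whole control.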