lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0401210939510.24922-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: Re: January 15 is Personal Firewall Day, he
 lp the cause

> > > <snip>
> > >
> > And yet, there's not much one ca do with a kernel alone.  Of
> > course redhat
> > tends to be one of the "kitchen sink" distros of linux.  And
> > if you are in
> > for a test of your skills, try replacing say apache with your
> > own build on
> > a redhat system, and learn the issues of dependcany hell that is the
> > redhat RPM structure.
> >
> Bad example. We ran our own RPM for Apache for at least a year, recompiling
> whenever a newer version came out. All you do is add your patch in the
> apache.spec file, and up the version number slightly. Our particular patch
> did what 'RequestHeader unset "Authorization"' does in Apache 2.0.
>
> This was on Red Hat 7.2, but newer versions of Red Hat are the same.
>
> Now if you were talking about openssl, I'd agree with you. I've emailed far
> too many people who've stuffed their machines by either removing or
> overwriting the built-in openssl package from Red Hat 7.0 onwards.
>

Actually, I was not clear enough, I was referenceing apache with ssl
capabilities, but, then again, this also is lacking in the full dependancy
hell I refer to.  When engaged on a project to port our web hosting to the
s390 platform with redhat VM's there, we decided to go with as minimal a
install as possible.  Apache is quite dependent upon quite a few bloated
RPM's itself, adding onenssl into the mixfor ssh/ssl capabilities
increases this dependance quite a bit.  And the real problem was finding
any doocumentation to define the needs and depenance of one  package to
another.

Now, this is also encountered in other platforms, but, is somewhat better
documented as well via the other vendors.  What was interesting was that
both redhat and IBM were kinda surprised that we'd even consider a minimum
install, rather then a blow everything into the VM and run with it
approach...


Slackware at least  provides a MANIFEST of all the files by package, such
that one  can weed through and make installation decisions prior to doing
a setup/install, I'm still looking for the redhat equivalent <though
admittedly, no longer as diligently as I was a few months ago>.

Not that redhat is even now ready  to properly support it's offering on
the s390 platform.  Even with their recent repositioning of their
offereings, the back end support channels for this platform are still
pretty much non-existant. <but, that's another issue altogether>


Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ