Cracked

[Matt Zimmerman]

On Mon, Oct 18, 2004 at 03:20:12PM +0800, John wrote:

> Omitting gcc and other program development tools from a server is 
> sensible. Make is sensible (sendmail and ypserv use them), bug gcc, g++, 
> -dev packages? I don't think so.

This is bogus as a security countermeasure, but Ubuntu already omits these
from both the default desktop and custom/server install.

Of course, Ubuntu doesn't install sshd by default, either.

> Some of the available countermeasures are difficult (but I've not
> invesitigate selinux or lids to help here), some should be attended to in
> default server installations.

This sounds like something to be explored in an Ubuntu derivative; perhaps
you'd be interested in working on one.

-- 
 - mdz