At 05:53 AM 11/9/99 -0800, you wrote:
>hi list
>
>how does one take the bootstrap.
>how to add a kernel and a filesystem.
>add init
>no shell, no password file, no /etc/fstab
I would guess that "take the bootstrap" amounts to getting the source code
for LILO. Adding a kernel and a filesystem = compile a linux (or other OS)
kernel and also create a filesystem on some storage device (e.g. a hard disk).
"add init": by the sound of it, the person is suggesting that you write an
init program from scratch. I recommend that you start by getting a degree
in CS (if you don't already have one) and then read the source code for
init. You will probably have to spend a few years (possibly a decade or
two, it depends on how many people are helping) writing your own versions
of "everything above kernel space" as this encompasses all the utils and
applications that run on the operating system (including even the shell).
You could cut this down considerably by writing an OS with no user
interface whatsoever, that just ran pre-compiled binaries at locations in
the file system, but this would be a little limited. When you're done,
assuming you didn't make any mistakes, you would have a perfectly secure OS
that could run any program somebody cares to write for it. It sounds sort
of like a lifetime's worth of work for 1 person, and almost an impossible
task; since you would be writing probably several hundred thousand lines of
source code, the odds that you wouldn't make even one mistake that posed a
potential security risk are fairly minimal; in fact, the odds that it would
even be more secure than the older (more debugged) Linux code are pretty
small, but don't let that stop you :) I could use a perfectly secure OS and
if you are able to drum up enough support from skilled programmers you may
be able to finish it fairly quickly (say six months to get a beta version
going and then 2 or 3 years for debugging).
If you're interested in a somewhat faster solution I suggest that instead
you try something a little simpler. The following is a rough description of
what I would do if I needed a "perfectly" un-hackable system:
1. Create an absolutely minimal Linux installation that does only what the
computer _needs_ to do. Omit such things as user home dirs, accounts other
than root and nobody, shells and utils and especially servers to the
greatest extent possible (totally omit any server which is not absolutely
necessary to the machine's function).
2. Configure syslogd so that all logging is to a remote system, and only
the /tmp and /var directories are writable (assuming you need them, you may
not). Place the /tmp and /var directories on a device which is mounted from
FSTAB with options set to read/write and no execute (i.e. no program can be
run from that filesystem).
3. Whatever further tweaking seems necessary to make the system run by
booting a kernel off a floppy disk and then running with the root
filesystem in read-only mode.
4. Burn root partition to a cd, making the cd bootable with the kernel you
were using on floppy (you will have to modify fstab and a couple of other
things first).
5. Physically remove the hdd with the root partition from the machine, and
run from the cd (this will make it "very awkward" for a hacker to replace
system binaries. Merely running from a hdd mounted as read-only is no
substitute unless the hdd is one of those rare models with a hardware
"write protect" jumper).
n.b. Ideally you should not have any r/w media in the machine, but for most
applications this is not practical. For some of the most critical however
(e.g. a firewall) it is quite possible, and well worth doing (actually I
think somebody already built a decent firewall system that runs off a
single write-protected floppy disk, but I can't recall who or where off hand).
For really mission-critical applications I recommend the DOD-approved
security approach: Do not connect the computer to a network.
--
"Yes, I am paranoid," said the old king, "but am I paranoid enough?"
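A shell check for the mount layout that steps 2, 3 and 5 describe, added here as an example and not part of the original mail: it reads fstab-style lines (the two sample tables below are constructed, device names included) and reports a root filesystem that is not read-only or a scratch partition that is writable without noexec.

```shell
#!/bin/sh
# Added example (not from the original mail): audit a mount table against the
# layout in steps 2 and 3 -- root read-only, only /tmp and /var writable, and
# those two mounted noexec. Input is fstab / /proc/mounts style lines:
#   device mountpoint fstype options dump pass
# Pseudo-filesystems and swap are skipped; every other writable mount is flagged.
audit_mounts() {
    rc=0
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac          # blank line or comment
        case "$fstype" in swap|proc|sysfs|devpts) continue ;; esac
        case ",$opts," in *,ro,*) ro=1 ;; *) ro=0 ;; esac
        case ",$opts," in *,noexec,*) noexec=1 ;; *) noexec=0 ;; esac
        case "$mnt" in
            /)  # steps 3 and 5: root must be mounted read-only
                [ "$ro" -eq 1 ] || { echo "FAIL: / is writable ($opts)"; rc=1; }
                ;;
            /tmp|/var|/var/*)  # step 2: writable, but nothing may execute from it
                [ "$noexec" -eq 1 ] || { echo "FAIL: $mnt lacks noexec ($opts)"; rc=1; }
                ;;
            *)  # anything else writable is outside the intended layout
                [ "$ro" -eq 1 ] || { echo "FAIL: unexpected writable mount $mnt ($opts)"; rc=1; }
                ;;
        esac
    done
    return "$rc"
}

# Convenience wrapper: feed a table held in a string; exit status 0 means clean.
check_table() { printf '%s\n' "$1" | audit_mounts; }

# Constructed sample tables (device names are illustrative, not from the mail).
HARDENED='# device   mountpoint fstype  options                dump pass
/dev/cdrom   /          iso9660 ro                     0 0
/dev/hda1    /tmp       ext2    rw,noexec,nosuid,nodev 0 0
/dev/hda2    /var       ext2    rw,noexec,nosuid,nodev 0 0
proc         /proc      proc    defaults               0 0'

WEAK='/dev/hda1 /    ext2 defaults 1 1
/dev/hda2 /tmp ext2 rw       1 2
/dev/hda3 swap swap defaults 0 0'

check_table "$HARDENED" && echo "hardened table: OK"
check_table "$WEAK" || echo "weak table: fix the findings above before burning the CD"
```

Run it against the real table with `audit_mounts < /etc/fstab` or `audit_mounts < /proc/mounts` before burning the root partition to CD.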