Subject: Re: kernel-by-email
To: VaX#n8 <vax@ccwf.cc.utexas.edu>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
List: current-users
Date: 03/08/1995 23:07:45
>1) Anyone know of a better filter program than the filter that comes with
>elm? It doesn't make it easy to scan Cc: lines for things like current-users.
Other people have suggested procmail - I second that, but I'm wondering why
you would need to check Cc: lines at all, as I would just reply to the
From address.
>2) Has anyone looked into how secure taking a config file and compiling a
>kernel would be? My main two concerns are inclusion of arbitrary files by
>using the config program, and execution of arbitrary commands. The latter
>could probably be taken care of by su'ing to a special user/group and
>chrooting, but I'm wary of chrooting... any special considerations, aside
>from avoiding s[ug]id programs in the chrooted area?
Setting up a chrooted area will be a tad painful, as you'll have to copy in
all the shared libs and ld.so (If they're on the same partition, you could hard
link them), but it's probably the safest way. Hmmm, maybe a read-only loopback
mount into the chrooted area for all the kernel sources?
--Ken
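
The chroot preparation discussed in this message, as an added example that is not part of the original e-mail or of any NetBSD tooling: it hard-links (or copies) the shared libraries and ld.so a binary needs into the jail, then lists any s[ug]id files found there. The function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are hypothetical/constructed.

# Constructed ldd-style output (not captured from a real system).
# $1 is a prefix so the sample can point at scratch files.
sample_ldd() {
    printf '\tlibc.so.12 => %s/usr/lib/libc.so.12\n' "$1"
    printf '\t%s/usr/libexec/ld.so (0x0)\n' "$1"
    printf '\tlibmissing.so => not found\n'
}

# Read ldd-style output on stdin, print each absolute library path once.
# Covers "name => /path" lines and bare "/path (addr)" loader lines;
# unresolved ("not found") entries carry no path and are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        sort -u
}

# Read library paths on stdin and place each under the jail root $1,
# keeping the directory layout. Hard-link when source and jail share a
# partition, otherwise copy.
populate_jail() {
    jail=$1
    while IFS= read -r lib; do
        [ -f "$lib" ] || { echo "missing: $lib" >&2; return 1; }
        mkdir -p "$jail$(dirname "$lib")" || return 1
        ln -fL "$lib" "$jail$lib" 2>/dev/null ||
            cp -pL "$lib" "$jail$lib" || return 1
    done
}

# Print set-uid/set-gid regular files under $1; return 1 if any exist.
# A hard link shares the inode's mode bits, so a linked s[ug]id file
# is just as privileged inside the jail.
audit_jail() {
    found=$(find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Usage: sh jail.sh /path/to/binary /path/to/jail
if [ "$#" -eq 2 ]; then
    ldd "$1" | ldd_paths | populate_jail "$2" && audit_jail "$2"
fi
```

Run it once per binary the build needs (compiler, make, config), and rerun the audit whenever the jail contents change.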