Re: Hardening, (was Re: chroot useful?)

[Darren Reed <darrenr () cyber com au>]

In some mail I received from Marcus J. Ranum, sie wrote
> Darren Reed wrote:
> > Sigh.  Why does everyone pick on man pages ? 
>
> Because man pages don't fight back!! :)  Seriously, though,
> my view is that if you're stud enough to be messing around
> on my box, you shouldn't need the man pages. If you do,
> you're not stud enough, ipso facto.

Okay, I can see your line of reasoning, but it's not always
the case that you're doing some work on such a box which you
have all the regular commands down pat.  Or maybe I've built
a box for someone else who isn't quite so expert.  If they're
lucky, they'll have another box running the same Unix for some
time.  If I give someone else a firewall, they should be able
to rely on my skills to have built it correctly but they shouldn't
need me to perform regular maintenaince (whatever that may be).
Further to the "3rd party requirements" theory, is it possible
to build a stripped-down firewall and then list each command still
on the system and describe why it is there ?  Do you even need ls
on a firewall if administrative tasks are fully laid out and don't
prescribe its need ?

If you're building your own, sure, you should be able to do without.