Compile world without inetd binaries: telnetd, tftpd...

[cr0hn]

Hello,

I'm trying to compile my world statically, but I have an error compiling tftpd. I don't need programs like tftpd, telnetd or similar for my systems.

The question: There's any variable for src.conf or similar to disable compilation of these programs?

Thanks!

 

[SirDice]

I'm trying to compile my world statically,

What on earth for?

 

[cr0hn]

Sorry for the word. I'm trying to compile my system with: make buildworld.

 

[SirDice]

Post the error you are getting.

 

[cr0hn]

It return this error:

tftpd.o: In function `main':
/usr/src/libexec/tftpd/tftpd.c:(.text+0x474): undefined reference to `request_init'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x48a): undefined reference to `request_set'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x494): undefined reference to `hosts_access'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x4d7): undefined reference to `request_set'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x4e1): undefined reference to `hosts_access'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x4fa): undefined reference to `request_set'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x504): undefined reference to `hosts_access'
clang: error: linker command failed with exit code 1 (use -v to see invocation)

 

[SirDice]

What do you have in /etc/make.conf?

And did you do a make clean before starting the build?

 

[cr0hn]

My make.conf is this:

COPTFLAGS+= -O3
CPUTYPE?=core2
CFLAGS+= -O3
CXXFLAGS+= -O3
PERL_VERSION=5.12.4

# Add some options
WITH_OPTIMIZED_CFLAGS=YES
BUILD_OPTIMIZED=YES
BUILD_STATIC=YES
WITH_CPUFLAGS=YES
STATIC=YES

# Remove some options
WITHOUT_DEBUG=YES
WITHOUT_X11=YES
NO_SHARED=YES

# Defines malloc with no debug symbols
MALLOC_PRODUCTION=YES

.if !defined(CC) || ${CC} == "cc"
CC=clang
.endif
.if !defined(CXX) || ${CXX} == "c++"
CXX=clang++
.endif
.if !defined(CPP) || ${CPP} == "cpp"
CPP=clang-cpp
.endif

# For CLANG
NO_WERROR=
WERROR=
# Don't forget this when using Jails!
NO_FSCHG=yes

Yes, first of compile I do:

 make clean cleanworld && rm -rf /usr/obj/*

It's seems the problem is for static options, but I want this option in my system. Therefore I want to delete from my system programs like tftpd, telned or similar.

Thanks for your responses.

 

[SirDice]

COPTFLAGS+= -O3
CFLAGS+= -O3
CXXFLAGS+= -O3

Remove all these and never set them again.

NO_SHARED=YES
NO_FSCHG=yes

Remove those too, they are deprecated.

MALLOC_PRODUCTION=YES

Should be moved to src.conf but probably better to remove completely.

In short, remove your make.conf and try again.

 

[cr0hn]

If I remove my make.conf, or delete related of static compilation vars, system compile without problems, but I want my system with no shared libraries.

 

[wblock@]

Why?

 

[cr0hn]

For performance and security. Security thus no shared library can't be loaded and not hooking attack can be executed. Although, of course, I can be wrong.

 

[SirDice]

If your attacker is able to do that you have more serious problems.

The trick is not to let the attacker in in the first place.

 

[cr0hn]

Yes, a good attacker can cause many problems, therefore, all protections are little.

 

[gkontos]

Generally speaking, such an OS hardening would only make sense if you were trying to build a firewall device.
But in order to do that you would actually need to read a good part of the OS code in order to decide exactly what you need, troubleshoot possible performance issues that you might encounter and keep it up to date by applying future patches.

So, unless you work for Checkpoint, stay with what you have now, establish a good security policy and things will turn out ok