Once upon a time, Reindl Harald <h.rei...@thelounge.net> said: > wrong question - is /bin/sh used? > if the answer is yes then the anser to your question is no > > the point is remove anything *unneeded* from production systems > that are best practices for many years and for good reasons
No, the point is that "remove a bunch of stuff to 'secure' the system" is not security, and should not be claimed that it is being done for 'security'. If you have bash as /bin/sh (as a 'standard' Fedora system does), you don't need wget/curl to download stuff for example. Can you lock that down more? Sure, you can remove network access, remove local write access, etc. However, that is separate from removing arbitrary binaries from the system/image. Removing non-privileged binaries from the image does _nothing_ for security (as claimed up-thread). -- Chris Adams <li...@cmadams.net> -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
