# Compile world without inetd binaries: telnetd, tftpd...



## cr0hn (Jul 25, 2012)

Hello,

I'm trying to compile my world statically, but I have an error compiling *tftpd*. I don't need programs like *tftpd*, *telnetd* or similar for my systems.  

The question: Is there any variable for src.conf or similar to disable compilation of these programs?

Thanks!


----------



## SirDice (Jul 25, 2012)

cr0hn said:

> I'm trying to compile my world statically,


What on earth for?


----------



## cr0hn (Jul 25, 2012)

Sorry for the word. I'm trying to compile my system with: make buildworld.


----------



## SirDice (Jul 25, 2012)

Post the error you are getting.


----------



## cr0hn (Jul 26, 2012)

It returns this error:


```
tftpd.o: In function `main':
/usr/src/libexec/tftpd/tftpd.c:(.text+0x474): undefined reference to `request_init'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x48a): undefined reference to `request_set'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x494): undefined reference to `hosts_access'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x4d7): undefined reference to `request_set'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x4e1): undefined reference to `hosts_access'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x4fa): undefined reference to `request_set'
/usr/src/libexec/tftpd/tftpd.c:(.text+0x504): undefined reference to `hosts_access'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
```


----------



## SirDice (Jul 26, 2012)

What do you have in /etc/make.conf?

And did you do a *make clean* before starting the build?


----------



## cr0hn (Jul 26, 2012)

My make.conf is this:


```
COPTFLAGS+= -O3
CPUTYPE?=core2
CFLAGS+= -O3
CXXFLAGS+= -O3
PERL_VERSION=5.12.4

# Add some options
WITH_OPTIMIZED_CFLAGS=YES
BUILD_OPTIMIZED=YES
BUILD_STATIC=YES
WITH_CPUFLAGS=YES
STATIC=YES

# Remove some options
WITHOUT_DEBUG=YES
WITHOUT_X11=YES
NO_SHARED=YES

# Defines malloc with no debug symbols
MALLOC_PRODUCTION=YES

.if !defined(CC) || ${CC} == "cc"
CC=clang
.endif
.if !defined(CXX) || ${CXX} == "c++"
CXX=clang++
.endif
.if !defined(CPP) || ${CPP} == "cpp"
CPP=clang-cpp
.endif

# For CLANG
NO_WERROR=
WERROR=
# Don't forget this when using Jails!
NO_FSCHG=yes
```

Yes, before compiling I do:

```
make clean cleanworld && rm -rf /usr/obj/*
```

It seems the problem is with the static options, but I want this option in my system. Therefore I want to remove programs like tftpd, telnetd or similar from my system.

Thanks for your responses.


----------



## SirDice (Jul 26, 2012)

cr0hn said:

> ```
> COPTFLAGS+= -O3
> CFLAGS+= -O3
> CXXFLAGS+= -O3
> ```


Remove all these and never set them again.



> ```
> NO_SHARED=YES
> NO_FSCHG=yes
> ```


Remove those too, they are deprecated.


```
MALLOC_PRODUCTION=YES
```
Should be moved to src.conf but probably better to remove completely.

In short, remove your make.conf and try again.


----------



## cr0hn (Jul 26, 2012)

If I remove my make.conf, or delete the variables related to static compilation, the system compiles without problems, but I want my system with no shared libraries.


----------



## wblock@ (Jul 26, 2012)

Why?


----------



## cr0hn (Jul 26, 2012)

For performance and security. Security, because then no shared library can be loaded and no hooking attack can be executed. Although, of course, I can be wrong.


----------



## SirDice (Jul 27, 2012)

If your attacker is able to do that you have more serious problems.

The trick is not to let the attacker in in the first place.


----------



## cr0hn (Jul 27, 2012)

Yes, a good attacker can cause many problems, therefore, all protections are little.


----------



## gkontos (Jul 27, 2012)

Generally speaking, such an OS hardening would only make sense if you were trying to build a firewall device. 
But in order to do that you would actually need to read a good part of the OS code in order to decide exactly what you need, troubleshoot possible performance issues that you might encounter and keep it up to date by applying future patches.

So, unless you work for Checkpoint, stay with what you have now, establish a good security policy and things will turn out ok.


----------

