Re: Security Implications of DKMS?
On Tue, 27 Mar 2012, David Ehle <email@example.com> wrote:
> Isn't having compilers/build tools considered a security "no no" if
> possible to avoid?

There have been some attacks on systems which have relied on the presence of
various compilers and interpreters; the best-known example is the Morris Worm.
But there are few of them that couldn't have been written to talk to a server
which has binaries for all common platforms and download the code that

Nowadays there are far fewer platforms than there used to be, so any hostile
party who develops an exploit for Linux will probably just concentrate on i386
and AMD64 with a somewhat recent GLIBC.

Also there's the issue of how a system is exploited. If an exploit relies on
a bug that is specific to a particular architecture of a particular OS then
there would be no benefit in the attacker sending source code, as they know
exactly the binary that they need to send.

Finally, there's a lot that can be done with Perl, Python, and shell scripts,
and a modern Debian system is not very usable without all three of those.

My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/