Security Implications of DKMS?
Hello,
A bit of googling doesn't seem to produce much in the way of results on
this topic so I thought I would seek out opinions on the list.
Please let me know if I'm making any false assumptions or showing a
mis-understanding of the issue:
DKMS is becoming the "preferred" way to do things that require
building/rebuilding modules that don't come packaged with your current
kernel.
DKMS requires compiler/build tools to be installed on the system to do its
thing.
Isn't having compilers/build tools considered a security "no no" if
possible to avoid?
Is this limiting the use of DKMS?
How are you balancing the convenience (now sometimes "need") of DKMS vs
the risk of having compliers on servers?
If your saying "no," how are you getting the modules onto your secure
systems?
If this is a "solved issue" could you direct me to good documentatin?
Thanks!
David.
Reply to: