Security Implications of DKMS?


Hello,

A bit of googling doesn't seem to produce much in the way of results onthis topic so I thought I would seek out opinions on the list.

Please let me know if I'm making any false assumptions or showing amis-understanding of the issue:

DKMS is becoming the "preferred" way to do things that requirebuilding/rebuilding modules that don't come packaged with your currentkernel.

DKMS requires compiler/build tools to be installed on the system to do itsthing.

Isn't having compilers/build tools considered a security "no no" ifpossible to avoid?


Is this limiting the use of DKMS?

How are you balancing the convenience (now sometimes "need") of DKMS vsthe risk of having compliers on servers?

If your saying "no," how are you getting the modules onto your securesystems?


If this is a "solved issue" could you direct me to good documentatin?

Thanks!

David.

Reply to:

Follow-Ups:
- Re: Security Implications of DKMS?
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: Security Implications of DKMS?
  - From: Russell Coker <russell@coker.com.au>
- Re: Security Implications of DKMS?
  - From: Rares Aioanei <debian.dev.list@gmail.com>