Re: Security Implications of DKMS?

To: David Ehle <ehle@phys.iit.edu>
Cc: debian-security@lists.debian.org
Subject: Re: Security Implications of DKMS?
From: Rares Aioanei <debian.dev.list@gmail.com>
Date: Tue, 27 Mar 2012 14:18:52 +0300
Message-id: <4F71A21C.9010301@gmail.com>
In-reply-to: <alpine.DEB.1.10.1203261023150.10762@agni>
References: <alpine.DEB.1.10.1203261023150.10762@agni>

On 03/26/2012 06:29 PM, David Ehle wrote:

Hello,
A bit of googling doesn't seem to produce much in the way of resultson this topic so I thought I would seek out opinions on the list.
Please let me know if I'm making any false assumptions or showing amis-understanding of the issue:
DKMS is becoming the "preferred" way to do things that requirebuilding/rebuilding modules that don't come packaged with your currentkernel.
DKMS requires compiler/build tools to be installed on the system to doits thing.
Isn't having compilers/build tools considered a security "no no" ifpossible to avoid?

I see that as a myth. Look at it this way: if an attacker already hasaccess to your machine, he/she can install anything he/she wants,including compilers, interpreters, whatever.

Is this limiting the use of DKMS?
How are you balancing the convenience (now sometimes "need") of DKMSvs the risk of having compliers on servers?
If your saying "no," how are you getting the modules onto your securesystems?

s/your/you're


If this is a "solved issue" could you direct me to good documentatin?

Thanks!

David.


Regards,

--
Rares Aioanei

Reply to:

Follow-Ups:
- Re: Security Implications of DKMS?
  - From: Yves-Alexis Perez <corsac@debian.org>

References:
- Security Implications of DKMS?
  - From: David Ehle <ehle@phys.iit.edu>

Prev by Date: Re: Security Implications of DKMS?
Next by Date: Re: Security Implications of DKMS?
Previous by thread: Re: Security Implications of DKMS?
Next by thread: Re: Security Implications of DKMS?
Index(es):
- Date
- Thread