Re: server and client in one package -> security issue

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: server and client in one package -> security issue

From:	Hartmut Goebel
Subject:	Re: server and client in one package -> security issue
Date:	Sun, 12 Feb 2017 17:52:14 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0

Am 12.02.2017 um 13:53 schrieb David Craven:
> By development files I assume you mean header files? I don't see how those can
> pose a security problem. Can you elaborate?

Yes, I meant header files, but also pkgconfig files and all this stuff
(including documentation). Having this (and compilers, etc.) available
on the target machine makes it *much* easier for an intruder to compile
attack tools for malware on the target. If these are missing, the
intruder needs to collect a lot of information first to be able to build
tools for the target.

Of course this is not a silver bullet, but it one piece of protection.
Like a lock on the door: It may take the burglar only 2 Minutes to open
it, but less skilled ones may be discouraged. Or these 2 Minutes may
give you some advantage.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | address@hidden               |
| www.crazy-compilers.com | compilers which you thought are impossible |

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Add murmur., (continued)

Prev by Date: FAIL: tests/cpan.scm, tests/gem.scm, tests/pypi.scm, tests/crate.scm
Next by Date: Re: Add murmur.
Previous by thread: Re: server and client in one package -> security issue (was: Add murmur)
Next by thread: Re: server and client in one package -> security issue
Index(es):
- Date
- Thread