From: Hartmut Goebel
Subject: Re: server and client in one package -> security issue
Date: Tue, 14 Feb 2017 11:28:32 +0100
To: Ludovic Courtès
Cc: guix-devel@gnu.org

On 13.02.2017 at 15:13, Ludovic Courtès wrote:
> Now, back to the “only install the required software”, I wouldn’t go as
> far as you do. I generally agree with the rule, but I’m skeptical as to
> what this buys you from a security perspective: users can always install
> whatever they want by hand anyway, and do you have an idea as to how
> much code they install via their browser?

Looks like we are talking about different systems. I'm talking about hardened systems, esp. servers, where users are not allowed to install additional software – not even browser add-ons.

Yes, even on these systems a skilled person can install any software he/she wants.
But it is much effort and requires more skills – depending on a lot of parameters – to bring an exploit to the system than if the exploit is already there since some software including the exploit is already installed.

I stress the example with the door of your flat again: For a skilled person opening a locked door is easy even if there is a pin tumbler lock [1]. But would you use just a ward key instead, which can be opened by nearly anybody – and even lay the skeleton key [2] beside the door?

And this is what hardening is about: reducing the attack surface and removing as many tools as possible. If a GNU/Linux distribution separates components thoroughly, it's easier to harden the system, which makes the distribution more attractive compared to other distributions.

[1] https://en.wikipedia.org/wiki/Pin_tumbler_lock
[2] https://en.wikipedia.org/wiki/Skeleton_key

-- 
Regards
Hartmut Goebel

| Hartmut Goebel | h.goebel@crazy-compilers.com |
| www.crazy-compilers.com | compilers which you thought are impossible |