From mboxrd@z Thu Jan 1 00:00:00 1970 From: Hartmut Goebel Subject: Re: server and client in one package -> security issue Date: Sun, 12 Feb 2017 17:52:14 +0100 Message-ID: References: <20170201204312.3005-1-contact.ng0@cryptolab.net> <87mvdvxq9v.fsf@gnu.org> <20170209182030.ngn2dsdfbzsmymdj@wasp> <87efz7asit.fsf@gnu.org> <96fa2c02-f5da-d4f5-6074-04b29f5376fb@crazy-compilers.com> <20170212123147.odpfawkb6gosh2bx@wasp> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:57999) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ccxNx-00039G-Ha for guix-devel@gnu.org; Sun, 12 Feb 2017 11:52:26 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ccxNu-0001JI-G3 for guix-devel@gnu.org; Sun, 12 Feb 2017 11:52:25 -0500 Received: from mail-out.m-online.net ([2001:a60:0:28:0:1:25:1]:36209) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ccxNu-0001Ir-A3 for guix-devel@gnu.org; Sun, 12 Feb 2017 11:52:22 -0500 In-Reply-To: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: David Craven , guix-devel Am 12.02.2017 um 13:53 schrieb David Craven: > By development files I assume you mean header files? I don't see how those can > pose a security problem. Can you elaborate? Yes, I meant header files, but also pkgconfig files and all this stuff (including documentation). Having this (and compilers, etc.) available on the target machine makes it *much* easier for an intruder to compile attack tools for malware on the target. If these are missing, the intruder needs to collect a lot of information first to be able to build tools for the target. Of course this is not a silver bullet, but it one piece of protection. Like a lock on the door: It may take the burglar only 2 Minutes to open it, but less skilled ones may be discouraged. Or these 2 Minutes may give you some advantage. -- Regards Hartmut Goebel | Hartmut Goebel | h.goebel@crazy-compilers.com | | www.crazy-compilers.com | compilers which you thought are impossible |