From mboxrd@z Thu Jan  1 00:00:00 1970
From: Hartmut Goebel <h.goebel@crazy-compilers.com>
Subject: Re: server and client in one package -> security issue
Date: Sun, 12 Feb 2017 17:52:14 +0100
Message-ID: <b883affc-bfd0-f94b-65d4-b625ed41262d@crazy-compilers.com>
References: <20170201204312.3005-1-contact.ng0@cryptolab.net>
	<87mvdvxq9v.fsf@gnu.org> <20170209182030.ngn2dsdfbzsmymdj@wasp>
	<87efz7asit.fsf@gnu.org>
	<96fa2c02-f5da-d4f5-6074-04b29f5376fb@crazy-compilers.com>
	<20170212123147.odpfawkb6gosh2bx@wasp>
	<CAL1_imknPSFbajiGfBwBRf=2PxR4Y9WzJ3gxjPsaaiOWZNfi1w@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57999)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <h.goebel@crazy-compilers.com>) id 1ccxNx-00039G-Ha
	for guix-devel@gnu.org; Sun, 12 Feb 2017 11:52:26 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <h.goebel@crazy-compilers.com>) id 1ccxNu-0001JI-G3
	for guix-devel@gnu.org; Sun, 12 Feb 2017 11:52:25 -0500
Received: from mail-out.m-online.net ([2001:a60:0:28:0:1:25:1]:36209)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <h.goebel@crazy-compilers.com>)
	id 1ccxNu-0001Ir-A3
	for guix-devel@gnu.org; Sun, 12 Feb 2017 11:52:22 -0500
In-Reply-To: <CAL1_imknPSFbajiGfBwBRf=2PxR4Y9WzJ3gxjPsaaiOWZNfi1w@mail.gmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: David Craven <david@craven.ch>, guix-devel <guix-devel@gnu.org>

Am 12.02.2017 um 13:53 schrieb David Craven:
> By development files I assume you mean header files? I don't see how those can
> pose a security problem. Can you elaborate?

Yes, I meant header files, but also pkgconfig files and all this stuff
(including documentation). Having this (and compilers, etc.) available
on the target machine makes it *much* easier for an intruder to compile
attack tools for malware on the target. If these are missing, the
intruder needs to collect a lot of information first to be able to build
tools for the target.

Of course this is not a silver bullet, but it one piece of protection.
Like a lock on the door: It may take the burglar only 2 Minutes to open
it, but less skilled ones may be discouraged. Or these 2 Minutes may
give you some advantage.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |