On 03/26/2012 06:29 PM, David Ehle wrote:
Hello,
A bit of googling doesn't seem to produce much in the way of results
on this topic so I thought I would seek out opinions on the list.
Please let me know if I'm making any false assumptions or showing a
mis-understanding of the issue:
DKMS is becoming the "preferred" way to do things that require
building/rebuilding modules that don't come packaged with your current
kernel.
DKMS requires compiler/build tools to be installed on the system to do
its thing.
Isn't having compilers/build tools considered a security "no no" if
possible to avoid?
I see that as a myth. Look at it this way: if an attacker already has
access to your machine, he/she can install anything he/she wants,
including compilers, interpreters, whatever.
Is this limiting the use of DKMS?
How are you balancing the convenience (now sometimes "need") of DKMS
vs the risk of having compliers on servers?
If your saying "no," how are you getting the modules onto your secure
systems?
s/your/you're
If this is a "solved issue" could you direct me to good documentatin?
Thanks!
David.
Regards,
--
Rares Aioanei
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4f71a21c.9010...@gmail.com
