On Sat, 14 May 2005, Shlomi Fish wrote:
> On Saturday 14 May 2005 13:05, Tzafrir Cohen wrote:
> >
> > You can install a debian build environment in a chroot jail of an
> > existing system. It seems that the current policy is not to hold the
> > build environment on Eskimo.
>
> Hmmm... I think that not having a build environment is a bit overrated as a
> security measure. A prospective intruder can always install binaries he
> cross-compiled (or just compiled) on his own machine. But not having a build
> environment (not even make, which is practically harmless) causes a lot of
> frustration and problems to the users there. I call this "Security by
> Hurdles", which is a good measure, but sometimes you need to say "Enough is
> enough".

I thought that all successful security mechanisms work by being "security
by hurdles", such as sentries at the entrance to sensitive locations, having
to enter a password when logging in, using lock & key to secure doors, etc.

This said, I add my vote against having a build environment on the server.
It is so much easier to install Trojan software when it is not necessary
to figure out the exact version of libraries, kernel, or even the machine
language of the computer in question.

We do need a volunteer to maintain a clone of the server machine - with
exactly the same versions of build tools, Perl interpreter, libraries,
etc. The clone will be used for building any software needed for the real
server.

This will make it possible to configure the server (and its clone) in such
a non-standard way that it will foil practically all attempts to install and
activate rogue software on the server.

--- Omer
My opinions, as expressed in this E-mail message, are mine alone.
They do not represent the official policy of any organization with which
I may be affiliated in any way.