build-essential

Matt Zimmerman mdz at canonical.com
Fri Sep 3 19:21:40 CDT 2004


On Sat, Sep 04, 2004 at 10:08:20AM +1000, Jeff Waugh wrote:

> <quote who="Matt Zimmerman">
> 
> > Removing the compiler only creates a marginal amount of extra work for an
> > attacker who will just upload or download their own binaries or find
> > another way around it, while the other 99.9% of people using the system
> > are needlessly inconvenienced.
> 
> The other 99.9% of people using the system... Are they all going to use GCC?

A lot of Linux users are accustomed to using gcc.  Not only developers;
novices are taught that this is the way to get things done.  They compile
the kernel.  They compile device drivers.  They compile random things they
download from the Internet.

> Our desktop seed is meant to provide the greatest common factor of packages
> that will be used on a desktop machine. It's *not* meant to be a superdooper
> hacker workstation.

Reaching out to non-technical users is great, but it doesn't require that we
abandon traditional Linux users and their expectations.

> I'd suggest that 99.9% of people using the system will not be
> inconvenienced because they won't even know what a compiler is. Thus, the
> ship seed is the appropriate place for it -> anyone who needs a compiler
> can get it straight off the CD as soon as they install.

I've already had more than one sounder ask me "where the hell is the
compiler?"  Linux users expect it.  Really!

The problem with getting it from the CD is that they don't even realize that
it's missing until the first time they use it.

> (I still feel uncomfortable with compilers being available on production
> machines, and don't think the "marginal amount of extra work for kiddies"
> argument is good enough: Worms don't do marginal amounts of extra work. I'm
> sure someone's said the same thing about sandboxing scripting frameworks!)

It's not a make-or-break requirement, as far as I'm concerned, that the
system include a C compiler.  But I really get irked when people try to
paint this as a security feature.

-- 
 - mdz
