Installing a compiler by default

Florian Zeitz Florian.Zeitz at gmx.de
Thu Jun 8 21:30:44 BST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anders Karlsson wrote:
> On Thu, 2006-06-08 at 09:44 -0700, Matt Zimmerman wrote:
>> I would like to propose that, beginning in Edgy, Ubuntu desktop systems
>> (both live and installed) should, by default, include the set of packages
>> necessary to compile simple C programs and Linux kernel modules.
> 
> [snip]
> 
> Having a compiler installed is not wrong, and you already identified
> what would be my biggest fear, getting systems compromised and handing
> the intruder the tools to carry on on a silver platter.
> 
> It can possibly be mitigated by at the same time ensuring that possibly
> SELinux is installed and active with a sensible default and there is a
> sensibly configured firewall on the system. With the dbus interface, it
> should be possible to then highlight to a user if there is something
> 'funny' going on. It's just a thought.
> 
> Kind Regards,
> 
> 

My personal opinion on the security mater is, that on a default desktop
install ubuntu's no open ports policy is used, so there won't be any
possibility for attackers to get in anyway.
Ubuntu-server should certainly not have gcc installed by default.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFEiIj00JXcdjR+9YQRAvUNAJ0envJgIa6nlZCNotUuoJ8U59WdjACfaIRx
tWwoiZWk87OvFGKQyzQWXOg=
=AMGc
-----END PGP SIGNATURE-----



More information about the ubuntu-devel mailing list