Installing a compiler by default
Rocco Stanzione
grasshopper at linuxkungfu.org
Thu Jun 8 22:40:40 BST 2006
On Thursday 08 June 2006 15:30, Florian Zeitz wrote:
>My personal opinion on the security mater is, that on a default desktop
>install ubuntu's no open ports policy is used, so there won't be any
>possibility for attackers to get in anyway.
>Ubuntu-server should certainly not have gcc installed by default.
One of the most important aspects of security is security-in-depth. Our
security policy would not withstand much scrutiny - or many attacks - if we
abandoned all other security considerations under the false assumption that
the no-open-ports policy makes us completely secure.
Installing a compiler introduces security concerns in that it makes some
automated attacks a little easier - but not having a compiler doesn't truly
make a system more secure. At any rate, it's a tradeoff, and we're
discussing whether it's worth it. My opinion is that it is worth it on a
desktop system, but not on a server system.
Rocco
More information about the ubuntu-devel
mailing list