Installing a compiler by default
Matt Zimmerman
mdz at ubuntu.com
Tue Jun 13 19:57:38 BST 2006
On Sat, Jun 10, 2006 at 02:41:52PM +1000, Cefiar wrote:
> On Friday 09 June 2006 02:44, Matt Zimmerman wrote:
> > I would like to propose that, beginning in Edgy, Ubuntu desktop systems
> > (both live and installed) should, by default, include the set of packages
> > necessary to compile simple C programs and Linux kernel modules.
>
> I think that if we do this, we need to provide some way of restricting access
> to GCC. This removes most of the concern that people have, IMO.
I can't really agree; I don't at all support the assertion that there is a
security concern here, and even if I did, restricting access wouldn't solve
the problem.
The usual argument that people make is that the availability of gcc makes it easier for a worm to compile exploits, rootkits and so forth for the target system. This really isn't a sizeable barrier, though, and plenty of worms are written which cause plenty of destruction without a compiler. Some easy ways to circumvent this "security" mechanism include:

- Including instructions in the worm for installing a compiler (I can easily think of a sequence of less than 10 shell commands which would get a compiler installed on a majority of Linux systems, regardless of which distribution is in use)
- It is possible (and indeed it has been done) to write exploits in a language for which an interpreter is likely to be available on the system already, such as Python. We certainly shouldn't exclude Python because of this possibility, though!
- It's even possible (and indeed it has been done) to write a C compiler in Python, and to use that to compile an exploit.
- It is possible (and indeed it has been done) to ship a simple C compiler built for the target architecture. It's pretty easy to build a simple program which will run on any 32-bit Intel Linux system, which is a huge majority
--
- mdz