[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: server and client in one package -> security issue
From: |
Hartmut Goebel |
Subject: |
Re: server and client in one package -> security issue |
Date: |
Sun, 12 Feb 2017 17:52:14 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 |
Am 12.02.2017 um 13:53 schrieb David Craven:
> By development files I assume you mean header files? I don't see how those can
> pose a security problem. Can you elaborate?
Yes, I meant header files, but also pkgconfig files and all this stuff
(including documentation). Having this (and compilers, etc.) available
on the target machine makes it *much* easier for an intruder to compile
attack tools for malware on the target. If these are missing, the
intruder needs to collect a lot of information first to be able to build
tools for the target.
Of course this is not a silver bullet, but it one piece of protection.
Like a lock on the door: It may take the burglar only 2 Minutes to open
it, but less skilled ones may be discouraged. Or these 2 Minutes may
give you some advantage.
--
Regards
Hartmut Goebel
| Hartmut Goebel | address@hidden |
| www.crazy-compilers.com | compilers which you thought are impossible |
- Re: Add murmur., (continued)
- Re: Add murmur., David Craven, 2017/02/12
- Re: Add murmur., Hartmut Goebel, 2017/02/14
- Re: Add murmur., ng0, 2017/02/14
- server and client in one package -> security issue (was: Add murmur), Hartmut Goebel, 2017/02/12
- Re: server and client in one package -> security issue (was: Add murmur), ng0, 2017/02/12
- Re: server and client in one package -> security issue (was: Add murmur), David Craven, 2017/02/12
- Re: server and client in one package -> security issue,
Hartmut Goebel <=
- Re: server and client in one package -> security issue, Ludovic Courtès, 2017/02/13
- Re: server and client in one package -> security issue, Hartmut Goebel, 2017/02/14
- Re: server and client in one package -> security issue, Andy Wingo, 2017/02/14
- Re: server and client in one package -> security issue (was: Add murmur), Danny Milosavljevic, 2017/02/14
- Re: server and client in one package -> security issue (was: Add murmur), ng0, 2017/02/14
- Re: server and client in one package -> security issue, Hartmut Goebel, 2017/02/14