
Minimalist builds untested

Posted Aug 31, 2006 3:47 UTC (Thu) by xoddam (subscriber, #2322)
In reply to: Wow, some misinformation never dies. by corey_s
Parent article: Gentoo Linux 2006.1 released

> This translates into better security.

There are two potential schools of thought on this. One is, "deleted code is debugged code". For sure, vulnerabilities which are specific to the subsystems you're not including will not exist in your minimalist build.

But another point is that what you're running is rather different from anything that has had serious production testing by the upstream project or distributors' QA people. It's a product release uniquely made for and by you, and although you might *generally* be able to trust that upstream will ensure that builds with options switched off do basically work, no-one but you can promise that your exact combination is solid and security-hole free. Can you ever be sure that omitting a major component which everyone else uses won't introduce subtle bugs?



Minimalist builds untested

Posted Aug 31, 2006 10:46 UTC (Thu) by jimmybgood (guest, #26142)

This is certainly possible, but seems unlikely unless one chooses to build without security features like selinux or privilege separation. Do you have any examples? Has there been an abiword built the Debian way with four spell checkers and enchant that doesn't have a vulnerability that abiword built with just one spell checker *does* have? Has there been a cairo built with directfb, svga, ggi and aalib support that is more secure than a cairo built only with X support?

By the same token, upgrading in response to a security fix has been known to leave you more vulnerable than before the security fix. But common sense and experience dictate that you will more likely be safe than sorry for upgrading in such a situation.

While I can't be sure that subtle bugs won't be introduced by building with a reduced feature set, I think, with Linux anyway, the less software I have, the safer I am. With OpenBSD, though, I might agree with you. The consideration being the experience and dedication to security of the coder and the rigor with which the code is tested and audited before being released.

Minimalist builds untested

Posted Aug 31, 2006 15:01 UTC (Thu) by cventers (subscriber, #31465)

Perhaps, but one thing I find interesting about building your system from
source (and then prelinking your magic blend) is that it would presumably
make things much more difficult for someone that wanted to inject
shellcode through an overflow vulnerability. If you want to target a
bunch of Linux systems, you can go after a distribution like Red Hat
where everyone is running exactly the same binaries.

In a world like Gentoo, though, they're running the same software, but
all with different combinations of features and load addresses. How do
you write shellcode to jump to a different function in the app if everyone's
compiler has put the function at a different address or GOT offset, for
reasons of different compiler versions, USE flags, etc?

That doesn't alleviate the problem the way some other solutions (like
PaX) do, but I don't think that property could hurt at all -- certainly
not if our systems were facing a threat from a worm, for example.
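The point made in the comment above, that an exploit with a hardcoded target address only works on binaries laid out exactly like the one it was written against, can be checked mechanically by diffing the symbol tables of two builds. The script below is an added example, not code from the thread or from Gentoo; the two nm(1)-style listings it parses are constructed for the illustration (made-up addresses for a hypothetical program with and without an extra compiled-in feature), and the symbol names, `parse_nm`, `resolve`, `payload_still_works` and `moved_symbols` are all this example's own.

```python
"""Compare symbol addresses across two builds of the same program.

Added example for the LWN discussion of per-system builds; not from the
thread. The listings below imitate `nm binary` output ("<hex address>
<type letter> <name>"; undefined symbols have no address) and are
constructed, as are the addresses in them.
"""
import re
from typing import Dict, List, Optional

# Constructed: a distribution binary that every user of that distro runs.
DISTRO_NM = """
0000000000001149 T parse_request
00000000000011b0 T handle_request
0000000000001220 T system_wrapper
0000000000004010 D config_table
                 U system@GLIBC_2.2.5
"""

# Constructed: the same program built locally with one extra feature
# (feature_init) compiled in ahead of the other functions, so every
# later symbol lands at a different address.
LOCAL_NM = """
0000000000001149 T feature_init
0000000000001190 T parse_request
00000000000011f7 T handle_request
0000000000001267 T system_wrapper
0000000000004020 D config_table
                 U system@GLIBC_2.2.5
"""

# One defined symbol per line: address, single type letter, name.
NM_LINE = re.compile(r"^([0-9a-fA-F]+)\s+([A-Za-z?])\s+(\S+)$")


def parse_nm(listing: str) -> Dict[str, int]:
    """Parse nm-style text into {name: address}, skipping undefined (U) symbols."""
    symbols: Dict[str, int] = {}
    for raw in listing.splitlines():
        line = raw.strip()
        match = NM_LINE.match(line)
        if not match:
            continue  # blank line, or "U name" with no address
        addr, kind, name = match.groups()
        if kind.upper() == "U":
            continue
        symbols[name] = int(addr, 16)
    return symbols


def resolve(symbols: Dict[str, int], addr: int) -> Optional[str]:
    """Name the symbol a jump to `addr` would land in: the highest address <= addr."""
    best: Optional[str] = None
    for name, start in symbols.items():
        if start <= addr and (best is None or start > symbols[best]):
            best = name
    return best


def payload_still_works(target: str, payload_addr: int, build: Dict[str, int]) -> bool:
    """A payload hardcoding `payload_addr` for `target` works only if this build
    really has `target` there."""
    return build.get(target) == payload_addr


def moved_symbols(a: Dict[str, int], b: Dict[str, int]) -> List[str]:
    """Symbols present in both builds whose address differs between them."""
    return sorted(name for name in a.keys() & b.keys() if a[name] != b[name])


if __name__ == "__main__":
    distro, local = parse_nm(DISTRO_NM), parse_nm(LOCAL_NM)
    hardcoded = distro["system_wrapper"]  # what an exploit author would bake in
    print("payload works on distro build:", payload_still_works("system_wrapper", hardcoded, distro))
    print("payload works on local build: ", payload_still_works("system_wrapper", hardcoded, local))
    print("on the local build that address is inside:", resolve(local, hardcoded))
    print("symbols that moved:", moved_symbols(distro, local))
```

Run against real binaries, feed it the output of `nm` on two builds; every function after the first inserted or removed symbol shows up in `moved_symbols`, which is the diversity the comment describes. It is worth remembering that this only defeats a payload that hardcodes addresses; an exploit that locates its targets at run time, or one that does not need to jump into program code at all, is unaffected, which is the "doesn't alleviate the problem the way PaX does" caveat above.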

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds