Minimalist builds untested
Posted Aug 31, 2006 10:46 UTC (Thu) by jimmybgood (guest, #26142)
In reply to: Minimalist builds untested by xoddam
Parent article: Gentoo Linux 2006.1 released
This is certainly possible, but seems unlikely unless one chooses to build without security features like selinux or privilege separation. Do you have any examples? Has there been an abiword built the Debian way with four spell checkers and enchant that doesn't have a vulnerability that abiword built with just one spell checker *does* have? Has there been a cairo built with directfb, svga, ggi and aalib support that is more secure than a cairo built only with X support?
By the same token, upgrading in response to a security fix has been known to leave you more vulnerable than before the security fix. But common sense and experience dictate that you will more likely be safe than sorry for upgrading in such a situation.
While I can't be sure that subtle bugs won't be introduced by building with a reduced feature set, I think, with Linux anyway, the less software I have, the safer I am. With OpenBSD, though, I might agree with you. The consideration being the experience and dedication to security of the coder and the rigor with which the code is tested and audited before being released.