| 1 |
Chí-Thanh Christopher Nguyễn posted on Sun, 18 Nov 2012 12:14:48 +0100 as |
| 2 |
excerpted: |
| 3 |
|
| 4 |
> Matt Turner schrieb: |
| 5 |
>>> Then udev switched to kmod as a build-time dep. I could no longer |
| 6 |
>>> package.provide kmod as I had module-init-tools, because it was |
| 7 |
>>> required to /build/ udev. For no valid reason on my system. Like any |
| 8 |
>>> unnecessary feature that can be used to load an exploit, it's worse |
| 9 |
>>> than useless. |
| 10 |
> |
| 11 |
>> # du -sh /var/tmp/portage/sys-apps/kmod-11-r1/image/ |
| 12 |
>> 240K /var/tmp/portage/sys-apps/kmod-11-r1/image/ |
| 13 |
> |
| 14 |
> I think the complaint was not about the installed size. Some people have |
| 15 |
> "install as little unnecessary code as possible" as part of their |
| 16 |
> security concepts. |
| 17 |
|
| 18 |
That's true, but as a long-term gentooer, I've found over the years it's |
| 19 |
more than that. Every single installed package is another package that |
| 20 |
must be repeatedly rebuilt, as upgrades come in and/or as the system core |
| 21 |
toolchain changes over time and one wants to be sure the whole system is |
| 22 |
consistent and still buildable (emerge --emptytree @world). Every |
| 23 |
installed package I don't use is thus an installed package I'll spend a |
| 24 |
lot of otherwise unnecessary time on, over the years, simply keeping it |
| 25 |
and the system in general upto date. |
| 26 |
|
| 27 |
As one realizes the cost over time, one gets a rather higher motivation |
| 28 |
to keep the system as lean and mean as possible. I look at it this way, |
| 29 |
it's just that much more incentive to practice what has always been known |
| 30 |
as good security practice in any case, keeping everything off the system |
| 31 |
that doesn't have a solid, known reason, for being there. |
| 32 |
|
| 33 |
kmod itself is trivial in size time and space requirements, but it's the |
| 34 |
principle as much as anything, and in the case of an unneeded module |
| 35 |
loader there's an additional security concern as well, since an |
| 36 |
opportunity to load kernel modules is just that much more opportunity to |
| 37 |
install a kernel module that hides otherwise visible tell-tail (logs, |
| 38 |
strange open ports on netstat, strange startup services, etc) signs of |
| 39 |
being rooted. Sure, if someone has module-loading access already, it's |
| 40 |
not a big increased risk, but given that it's an unnecessary, any non- |
| 41 |
negative non-zero increase in risk or maintenance cost over time is |
| 42 |
unacceptable, and on a monolithic kernel gentoo system, a kernel module |
| 43 |
loader increases both, trivially sure, but when there's no justifiable |
| 44 |
reason for it in the first place... |
| 45 |
|
| 46 |
-- |
| 47 |
Duncan - List replies preferred. No HTML msgs. |
| 48 |
"Every nonfree program has a lord, a master -- |
| 49 |
and if you use the program, he is your master." Richard Stallman |
Archives