[Gllug] just preaching to the converted !

Peter Joanes pjoanes at hotmail.com
Wed Oct 26 13:54:36 UTC 2005


On Wednesday 26 October 2005 09:05, Martin A. Brooks wrote:
> Your compiled-from-source-firewall is vulnerable to security problems
> that the shipped-with-debian-firewall is not.  I'm not saying these
> problems will ever be found or exploited.  My point is that _you don't
> know what they are_.
>
> On the other hand my bash binary, which is the same as the bash binary
> which is being used on thousands, if not hundreds of thousands, of other
> systems, has no known security problems.

Bad-admin'ing aside, most of the vulnerabilities that I've seen have been 
fixed by changing the source code, as they result from design or programming 
errors. 
Sometimes it is necessary to disable support for some component in the 
compilation, and because I use Gentoo, these options are chosen by the 
maintainers.

Overall, I agree with Nix -- from a security standpoint the benefits of not 
running the same binaries as everyone else outweigh the benefits of doing so.


-	Pete.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



