On Tue, Apr 29, 2014 at 5:12 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
martin.langhoff@xxxxxxxxx
- ask interesting questions
- don't get distracted with shiny stuff - working code first
~ http://docs.moodle.org/en/User:Martin_Langhoff
defense in depth means limit the attack surface as much as you can
As folks are trying to point out to you, these principles are well understood in this group.
However, _any minimally usable environment will have a scripting engine_ -- /bin/sh, python, and having _any_ of those general purpose tools available is enough for the attacker.
On your own machines, you might gain some (limited) advantage removing some of them.
Fedora and its derivatives, OTOH, are a large enough target that it's worth for attackers to tailor attacks to it. So removing some tools won't do much, and removing _all_ tools will ruin everyone's day.
m
-- martin.langhoff@xxxxxxxxx
- ask interesting questions
- don't get distracted with shiny stuff - working code first
~ http://docs.moodle.org/en/User:Martin_Langhoff
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
