> From: Vigorito, Nicholas E. [mailto:[EMAIL PROTECTED] 
> A coworker claims that all unix admins should never install 
> open source binaries. They should build using the source.

Binaries are marginally more open to tampering; this is why most (all?)
Apache projects provide checksums of the built packages.  A cracker
would have to replace the binaries on the distribution machine *and*
tamper with the checksums that are held on a different machine.  Or
they'd have to be part of the relevant build team, in which case they
may well be able to get their crack into the source anyway.

It's rather like conducting a detailed inspection of everything you buy
for bugs before loading it into your car.  You *might* catch something,
but the odds are low.

Here's how to decide.  If you multiply the expected loss due to a
break-in (say $10M) by the probability of catching something you
wouldn't have caught because the binary's been compromised *and* the
checksums have been tampered with (say 1 in 100,000) by the probability
of that security hole being exploited (say 1 in 10), you get an expected
loss of $10.  I suspect it would cost half a day to build from source
(say $150 of staff time); so in this case the organisation should use
the binary, because the expected cost to the organisation is lower than
the cost of building from source.  Substitute your own figures for loss,
probabilities, and cost of build to come up with your own answer for
your own organisation!

                - Peter

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
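
Added example, not part of the message above and not Apache project code: a sketch of the checksum comparison the reply relies on, where the digest text is fetched from a different host than the download. The file name, the sample bytes, the choice of SHA-512 and the three checksum-file layouts handled are assumptions made for illustration.

```python
import hashlib, hmac, os, re, tempfile

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_digest(text, algo="sha512"):
    """Pull the hex digest out of a published checksum file's text."""
    want = HEX_LEN[algo]
    # 'digest  name', 'digest *name', 'ALGO (name) = digest', or a bare digest
    for tok in text.split():
        if len(tok) == want and HEX.fullmatch(tok):
            return tok.lower()
    # 'name: AB12CD34 EF56...' grouped, possibly wrapped: drop label, join groups
    joined = "".join(text.split(":", 1)[-1].split())
    if len(joined) == want and HEX.fullmatch(joined):
        return joined.lower()
    raise ValueError("no %s digest found in checksum text" % algo)

def file_digest(path, algo="sha512"):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, checksum_text, algo="sha512"):
    """True only if the file hashes to the digest in checksum_text.
    checksum_text must come from a different host than the download."""
    expected = parse_digest(checksum_text, algo)
    return hmac.compare_digest(file_digest(path, algo), expected)

def demo():
    """Constructed sample: a fake package checked in three layouts, then tampered."""
    data = b"constructed package bytes\n"
    with tempfile.TemporaryDirectory() as d:
        pkg = os.path.join(d, "example-1.0.tar.gz")  # hypothetical file name
        with open(pkg, "wb") as f:
            f.write(data)
        dg = hashlib.sha512(data).hexdigest()
        groups = [dg.upper()[i:i + 8] for i in range(0, 128, 8)]
        layouts = {
            "coreutils": dg + " *example-1.0.tar.gz\n",
            "grouped": "example-1.0.tar.gz: " + " ".join(groups[:8])
                       + "\n    " + " ".join(groups[8:]) + "\n",
            "bare": dg + "\n",
        }
        ok = {name: verify(pkg, text) for name, text in layouts.items()}
        with open(pkg, "ab") as f:
            f.write(b"\x00")  # simulate a binary altered on the mirror
        ok["tampered"] = verify(pkg, layouts["coreutils"])
        return ok
```

A checksum downloaded from the same server as the binary only detects corruption in transit; the comparison says something about tampering only when the two come from separate machines, as the reply describes.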
