Refresher on gcc port and the executables

Ian Wadham iandw.au at gmail.com
Thu Sep 12 01:14:48 PDT 2013


Tabitha,

This is wildly off topic for MacPorts, but here goes.

On 11/09/2013, at 8:22 PM, Tabitha McNerney wrote:
> I have been doing some more research and spoke with some people in the industry about certified compilers.

I do not know where you are from or what your applications and data are, but
I hope you are thinking laterally about security.  There are two general rules:

    - Defence in depth
    - All-round defence

We try our best to make software secure and not leave any glaring loopholes,
but in the end it is an uphill task, so software security needs to be backed up
by other measures, such as physical security, special hardware, comprehensive
logs, positive vetting, etc., i.e. defence in depth.

All-round defence means that your "walls" must be equally "high" and "thick"
everywhere, otherwise your enemy will find the weak spot and exploit it.

I was once allowed to work late, on my own, in a computer installation in a
security-minded organisation.  The computer area was separately secured
within a building that had alarms everywhere at night and guards on 24 hour
duty at the main door, i.e. defence in depth.

They did not want to give me the combination for the main computer centre
door, so instead they gave me a complicated-looking Chubb key to open a
side door, with strict instructions to lock the door carefully when I left and
return the key to the guards.  When it was time to leave, I gave the door a
good tug and, to my great surprise, a ventilator grille fell out of the lower
part of the door, leaving a physical "trapdoor" anybody could crawl through!

This is an example of a failure of all-round defence.  Why have a complicated
lock and key when there is a hole in the door that anyone can open?

It did not matter, though, because of the defence in depth that surrounded
the problem area.  And the door was easily fixed next day.

Re operating systems, have you looked at the derivatives of SE Linux
(SE = Security Enhanced)?  See:
http://en.wikipedia.org/wiki/Security-Enhanced_Linux and
http://en.wikipedia.org/wiki/Mandatory_access_control

Cheers, Ian W.


