On 18/07/2024 21:22, Theo de Raadt wrote:
> Vevy Kod <vevy...@laposte.net> wrote:
>> 1. We do not need a good reason to reduce our attack surface. The likeliness of the scenarios we are preventing does not matter: those scenarios will become likely as soon as they become the easiest to exploit.
>
> What is the attack surface?

Google is your friend.

>> 2. It prevents unknowingly escalating a supply-chain attack. If a malware is somehow embedded in the compiler, it will be able to 1) read secret keys used by developers to sign binary packages, and 2) embed those secret keys in the compiler output (likely set for distribution).
>
> If the compiler has malware, it will probably remove the unveil and pledge. You are bullshitting.

You don't seem to understand the rationale of using unveil and pledge. Of course they can always be removed, but that doesn't go unnoticed.