1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
documentation_complete: true
title: 'Minimize Software to Minimize Vulnerability'
description: |-
The simplest way to avoid vulnerabilities in software is to avoid
installing that software. On {{{ full_name }}},
{{%- if pkg_system == "rpm" -%}}
the RPM Package Manager (originally Red Hat Package Manager, abbreviated RPM)
{{%- elif pkg_system == "dpkg" -%}}
the Package Manager (originally {{{ weblink(link="https://www.debian.org/doc/manuals/debian-faq/pkgtools.en.html", text="apt") }}} ),
{{%- endif %}}
allows for careful management of
the set of software packages installed on a system. Installed software
contributes to system vulnerability in several ways. Packages that
include setuid programs may provide local attackers a potential path to
privilege escalation. Packages that include network services may give
this opportunity to network-based attackers. Packages that include
programs which are predictably executed by local users (e.g. after
graphical login) may provide opportunities for trojan horses or other
attack code to be run undetected. The number of software packages
installed on a system can almost always be significantly pruned to include
only the software for which there is an environmental or operational need.
|
