Installing a compiler by default

classic Classic list List threaded Threaded
114 messages Options
1234 ... 6
Reply | Threaded
Open this post in threaded view
|

Installing a compiler by default

Matt Zimmerman-2
I would like to propose that, beginning in Edgy, Ubuntu desktop systems
(both live and installed) should, by default, include the set of packages
necessary to compile simple C programs and Linux kernel modules.

My reasoning is based on the following points:

 * Linux systems have traditionally shipped with gcc

 * The most common way to obtain a new driver for a Linux system is
   to compile it from C source code

 * A common reason to install a new driver on a Linux system is to gain
   access to the Internet, so support can be difficult to obtain in such a
   scenario

 * A great deal of distribution-agnostic documentation assumes the
   availability of gcc

 * Users who are new to Ubuntu have no idea how to install the necessary
   packages for building a kernel module

 * build-essential and linux-headers are already included on Ubuntu CDs, so
   they would not occupy more space if installed by default
 
 * An excessive amount of RAM is needed to install build-essential and
   linux-headers in the live CD environment, and we only have enough space
   for them either in preinstalled form (for the live session) OR packaged
   form (for the installed system), not both

Some arguments against this approach include:

 * Most users don't need a compiler

 * If they have already compromised a system, worms can use a compiler to
   help propagate themselves and launch attacks (and if one is installed by
   default, this is a more appealing technique for targeting Ubuntu systems)
 
 * We should solve the same problems in more elegant ways where possible

I'm interested in hearing more opinions one way or the other, especially
from beyond the developer community.

--
 - mdz

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Rocco Stanzione
On Thursday 08 June 2006 11:44, Matt Zimmerman wrote:
> I would like to propose that, beginning in Edgy, Ubuntu desktop systems
> (both live and installed) should, by default, include the set of packages
> necessary to compile simple C programs and Linux kernel modules.

One of the first things I install is build-essential, and 'apt-get install
build-essential' is one of the more common answers to questions asked on irc.  
+1.

> My reasoning is based on the following points:
>
>  * Linux systems have traditionally shipped with gcc
>
>  * The most common way to obtain a new driver for a Linux system is
>    to compile it from C source code
>
>  * A common reason to install a new driver on a Linux system is to gain
>    access to the Internet, so support can be difficult to obtain in such a
>    scenario
>
>  * A great deal of distribution-agnostic documentation assumes the
>    availability of gcc
>
>  * Users who are new to Ubuntu have no idea how to install the necessary
>    packages for building a kernel module
>
>  * build-essential and linux-headers are already included on Ubuntu CDs, so
>    they would not occupy more space if installed by default
>
>  * An excessive amount of RAM is needed to install build-essential and
>    linux-headers in the live CD environment, and we only have enough space
>    for them either in preinstalled form (for the live session) OR packaged
>    form (for the installed system), not both

I agree with all these arguments, and I don't have any more to add just now.

> Some arguments against this approach include:
>
>  * Most users don't need a compiler
>
>  * If they have already compromised a system, worms can use a compiler to
>    help propagate themselves and launch attacks (and if one is installed by
>    default, this is a more appealing technique for targeting Ubuntu
> systems)

I once avoided getting hit by slapper, in spite of a vulnerable apache+openssl
server, by having gcc executable only by myself.  For Ubuntu, we could make
this a group permission or UID=1000.  This doesn't help if the user's account
is compromised, but can help prevent compromised services (like apache) from
using gcc.

>  * We should solve the same problems in more elegant ways where possible
>
> I'm interested in hearing more opinions one way or the other, especially
> from beyond the developer community.

Thanks,

Rocco

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Scott Dier
Rocco Stanzione wrote:
> I once avoided getting hit by slapper, in spite of a vulnerable apache+openssl
> server, by having gcc executable only by myself.  For Ubuntu, we could make
> this a group permission or UID=1000.  This doesn't help if the user's account
> is compromised, but can help prevent compromised services (like apache) from
> using gcc.
>

If this is done please ensure that it is highly configurable through
debconf -- I install compilers with broken UID spaces based on legacy
NIS configurations.

Thanks,

--
Scott Dier <[hidden email]>

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Erast Benson
In reply to this post by Matt Zimmerman-2
On Thu, 2006-06-08 at 09:44 -0700, Matt Zimmerman wrote:

> I would like to propose that, beginning in Edgy, Ubuntu desktop systems
> (both live and installed) should, by default, include the set of packages
> necessary to compile simple C programs and Linux kernel modules.
>
> My reasoning is based on the following points:
>
>  * Linux systems have traditionally shipped with gcc
>
>  * The most common way to obtain a new driver for a Linux system is
>    to compile it from C source code

Unfortunately for Linux-based systems this will be always a usability
killing factor unless... (see below)

>  * A common reason to install a new driver on a Linux system is to gain
>    access to the Internet, so support can be difficult to obtain in such a
>    scenario
>
>  * A great deal of distribution-agnostic documentation assumes the
>    availability of gcc
>
>  * Users who are new to Ubuntu have no idea how to install the necessary
>    packages for building a kernel module
>
>  * build-essential and linux-headers are already included on Ubuntu CDs, so
>    they would not occupy more space if installed by default
>  
>  * An excessive amount of RAM is needed to install build-essential and
>    linux-headers in the live CD environment, and we only have enough space
>    for them either in preinstalled form (for the live session) OR packaged
>    form (for the installed system), not both

> Some arguments against this approach include:
>
>  * Most users don't need a compiler
>
>  * If they have already compromised a system, worms can use a compiler to
>    help propagate themselves and launch attacks (and if one is installed by
>    default, this is a more appealing technique for targeting Ubuntu systems)
>  
>  * We should solve the same problems in more elegant ways where possible
>
> I'm interested in hearing more opinions one way or the other, especially
> from beyond the developer community.

Having gcc pre-installed and ready to use is a good thing but somehow I
always thought that "apt-get install gcc" on Debian(s) fulfill the need.

FYI, Solaris 10 shipped with gcc pre-installed too but for different
reasons obviously, like compiling FOSS, etc. OpenSolaris drivers are
written using kernel DDI interface which is not changing as often as
unstable Linux kernel interfaces. Usually driver compiled years ago
should work just fine on any OpenSolaris based distro such as NexentaOS.

So, theoretically, the best way to resolve a Linux kernel driver problem
would be to convince Linus to stabilize kernel interfaces at some point.
But for now, shipping gcc pre-installed + kernel headers and wrappers to
re-build drivers on the fly like DKMS is the best option. Its ugly and
creates a lot of headaches for an end users especially with a new
hardware which is not "main-line" accepted yet. But it seems to be a
right way to go for Ubuntu for now.

Erast


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Matt Zimmerman-2
In reply to this post by Matt Zimmerman-2
On Thu, Jun 08, 2006 at 01:26:20PM -0400, Lee Revell wrote:
> On Thu, 2006-06-08 at 09:44 -0700, Matt Zimmerman wrote:
> > I would like to propose that, beginning in Edgy, Ubuntu desktop systems
> > (both live and installed) should, by default, include the set of packages
> > necessary to compile simple C programs and Linux kernel modules.
> >
>
> What specific use case do you have in mind?

A user requires a driver in order to make effective use of their hardware.
One is available, but it isn't included in Ubuntu for whatever reason (it
wasn't suitable for release at the time, or didn't support their particular
device yet, whatever).  How-to documents are available which explain
step-by-step how they can get up and running, but they don't work because of
the lack of a compiler.

> How common is it really for Joe User to have to compile a kernel module
> to get his hardware to work?

Common enough; search the forums or ubuntu-users or hang out on #ubuntu for
a while, and this comes up.

> Why can't it be solved upstream by getting the driver into the kernel?

There are various reasons why this isn't a magic bullet.  Upstream has
strict requirements on what they will include, and in general there is a lag
between the availability of new hardware and its support in stable,
release-quality distribution kernels.  There are also intellectual property
issues to consider in some cases, or simple lack of awareness of the
availability of a particular chunk of code.

> If the point is to compile kernel modules, doesn't that also require the
> full kernel source?

No.

--
 - mdz

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Derek Broughton-2
In reply to this post by Matt Zimmerman-2
Matt Zimmerman wrote:

> I would like to propose that, beginning in Edgy, Ubuntu desktop systems
> (both live and installed) should, by default, include the set of packages
> necessary to compile simple C programs and Linux kernel modules.

I'm an extremely experienced computer user (including Linux since the early
days of Debian) and even I don't need gcc.
>
> My reasoning is based on the following points:
>
>  * Linux systems have traditionally shipped with gcc

The worst of reasons.
>
>  * The most common way to obtain a new driver for a Linux system is
>    to compile it from C source code

_My_ most common way to do anything is to find a binary.
>
>  * A common reason to install a new driver on a Linux system is to gain
>    access to the Internet, so support can be difficult to obtain in such a
>    scenario

It's not _that_ common.  Especially if you purchase hardware based on known
support in Linux.
>
>  * A great deal of distribution-agnostic documentation assumes the
>    availability of gcc

True.
>
>  * Users who are new to Ubuntu have no idea how to install the necessary
>    packages for building a kernel module

Users new to Ubuntu have no idea how to compile a kernel module.  Installing
gcc only gets them marginally closer.

>  * An excessive amount of RAM is needed to install build-essential and
>    linux-headers in the live CD environment, and we only have enough space
>    for them either in preinstalled form (for the live session) OR packaged
>    form (for the installed system), not both

I don't quite understand why gcc makes any difference, there.

--
derek


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Ricardo Pérez López-2
In reply to this post by Matt Zimmerman-2
El jue, 08-06-2006 a las 11:02 -0700, Matt Zimmerman escribió:

> On Thu, Jun 08, 2006 at 01:26:20PM -0400, Lee Revell wrote:
> > On Thu, 2006-06-08 at 09:44 -0700, Matt Zimmerman wrote:
> > > I would like to propose that, beginning in Edgy, Ubuntu desktop systems
> > > (both live and installed) should, by default, include the set of packages
> > > necessary to compile simple C programs and Linux kernel modules.
> > >
> >
> > What specific use case do you have in mind?
>
> A user requires a driver in order to make effective use of their hardware.
> One is available, but it isn't included in Ubuntu for whatever reason (it
> wasn't suitable for release at the time, or didn't support their particular
> device yet, whatever).  How-to documents are available which explain
> step-by-step how they can get up and running, but they don't work because of
> the lack of a compiler.

Sometimes, those how-to documents doesn't work due to the lack of
firmwares or already precompiled drivers, not for the lack of compilers.
One example is the support for ADSL USB modems.

What about including the compiler into the installation CD, but don't
installing it by default? The only difference between this case and the
lack-of-compiler case could be a simple "sudo apt-get install gcc",
getting the compiler from the CD and without the need for an internet
connection.

Cheers,

Ricardo.


--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

John Vivirito-2
In reply to this post by Matt Zimmerman-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Matt Zimmerman wrote:
>> > I would like to propose that, beginning in Edgy, Ubuntu desktop systems
>> > (both live and installed) should, by default, include the set of packages
>> > necessary to compile simple C programs and Linux kernel modules.
>
> I'm an extremely experienced computer user (including Linux since the early
> days of Debian) and even I don't need gcc.
>> >
>> > My reasoning is based on the following points:
>> >
>> >  * Linux systems have traditionally shipped with gcc
>
> The worst of reasons.
>> >
>> >  * The most common way to obtain a new driver for a Linux system is
>> >    to compile it from C source code
>
> _My_ most common way to do anything is to find a binary.
>> >
>> >  * A common reason to install a new driver on a Linux system is to gain
>> >    access to the Internet, so support can be difficult to obtain in such a
>> >    scenario
>
> It's not _that_ common.  Especially if you purchase hardware based on known
> support in Linux.
>> >
>> >  * A great deal of distribution-agnostic documentation assumes the
>> >    availability of gcc
>
> True.
>> >
>> >  * Users who are new to Ubuntu have no idea how to install the necessary
>> >    packages for building a kernel module
>
> Users new to Ubuntu have no idea how to compile a kernel module.  Installing
> gcc only gets them marginally closer.
>
>> >  * An excessive amount of RAM is needed to install build-essential and
>> >    linux-headers in the live CD environment, and we only have enough space
>> >    for them either in preinstalled form (for the live session) OR packaged
>> >    form (for the installed system), not both
>
> I don't quite understand why gcc makes any difference, there.
>
> -- derek

I would like to see build-essential installed by default because alot of
new users that cant finda  .deb resort to tars and build-essential apps
are needed for that. make and gcc are main ones used. i have seen alot
of new users wanting to learn how to compile apps from tars. i have also
seen many new users looking for gcc and cant find it "mainly they dont
know how to find it" but if installed by default thats a few less things
the new users have to worry about.
- --
GnomeFreak

https://wiki.ubuntu.com/Johnvivirito
https://launchpad.net/people/gnomefreak
http://freewebs.com/ubuntufreak
Linux User# 414246
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEiHEAqig4QTwcPCoRAsuMAJ9P40f3Csd/ox2wVlV3mlhzQ6RzDACcDU1/
+lCaOt7OzfuEMnHcQ4tU6cM=
=8/Cf
-----END PGP SIGNATURE-----

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Dennis Kaarsemaker
In reply to this post by Ricardo Pérez López-2
On do, 2006-06-08 at 20:39 +0200, Ricardo Pérez López wrote:
> What about including the compiler into the installation CD, but don't
> installing it by default?

That's the current situation.
--
Dennis K.

Time is an illusion, lunchtime doubly so.

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (198 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Dennis Kaarsemaker
In reply to this post by John Vivirito-2
On do, 2006-06-08 at 14:48 -0400, John Vivirito wrote:
> I would like to see build-essential installed by default because alot
> of new users that cant finda  .deb resort to tars

IMHO that's a reason to not include them by default. It's much better
for them to ask and find .deb packages than mesing around with
tarballs.
--
Dennis K.

Time is an illusion, lunchtime doubly so.

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

signature.asc (198 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Matt Zimmerman-2
In reply to this post by Matt Zimmerman-2
On Thu, Jun 08, 2006 at 02:15:59PM -0400, Lee Revell wrote:

> On Thu, 2006-06-08 at 11:02 -0700, Matt Zimmerman wrote:
> > > If the point is to compile kernel modules, doesn't that also require
> > the
> > > full kernel source?
> >
> > No.
>
> This is why I asked for a *specific* use case because many drivers
> certainly do require the full kernel source to install (ALSA for
> example).

ALSA builds fine with kernel headers; the alsa-source package in Debian and
universe works this way.

--
 - mdz

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Andrew Zajac
In reply to this post by Matt Zimmerman-2


On 6/8/06, Matt Zimmerman <[hidden email]> wrote:
* The most common way to obtain a new driver for a Linux system is
  to compile it from C source code

* A common reason to install a new driver on a Linux system is to gain
  access to the Internet, so support can be difficult to obtain in such a
  scenario

* A great deal of distribution-agnostic documentation assumes the
  availability of gcc

* Users who are new to Ubuntu have no idea how to install the necessary
  packages for building a kernel module
 
User who are new to linux and are using ubuntu will use the ubuntu documentation.  In it, installing build-essential is properly described.  It is another step in the process of:
 
1- finding out that they need to compile a kernel module to fix a specific problem.
2- finding out what kernel module to build
3- obtaining it (if it is the only way to conect to the net, this is a catch-22)
4- installing the toolchain and linux-headers package
5- building and installing the module.
 
Providing build-essential preinstalled will only help users who are familiar with linux but not with ubuntu.  Users who expect gcc to be installed may be surprised to find it absent, but I am sure they expect it to be easily installed, which it is as well as the process being properly documented - it's not that big an endeavour for them.
 
Is this such an important amount of users?  Ubuntu makes a better effort to target non-linux-geek users, in comparison to other distros. 
 
Users who are not familiar with linux will not really expect gcc to be present.  The command-line is cryptic enough and they typically will not try to grok upstream documentation, but simply cut-and-paste instructions from a source of documentation.
 
Can the above five steps be made trivial in some way, either by documentation or some sort of frontend to module-assistant?  Would that be a better solution to the actual problem?
 
 
 
azz

 

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Matt Zimmerman-2
In reply to this post by Derek Broughton-2
On Thu, Jun 08, 2006 at 03:26:56PM -0300, Derek Broughton wrote:
> Matt Zimmerman wrote:
> > My reasoning is based on the following points:
> >
> >  * Linux systems have traditionally shipped with gcc
>
> The worst of reasons.

One of the primary goals of Ubuntu is usability, and one of the keys to
usability is meeting the expectations of the user.  In this case, it is a
particular type of user (primarily a Linux enthusiast), but meeting this
expectation costs almost nothing and stands to benefit a great deal.

> >  * The most common way to obtain a new driver for a Linux system is
> >    to compile it from C source code
>
> _My_ most common way to do anything is to find a binary.

It is rare to find drivers built for distribution kernels, and rarer for the
exact version of the kernel needed.  Even over the lifetime of a release,
the kernel ABI regularly changes incompatibly (with security fixes).

> >  * A common reason to install a new driver on a Linux system is to gain
> >    access to the Internet, so support can be difficult to obtain in such a
> >    scenario
>
> It's not _that_ common.  Especially if you purchase hardware based on known
> support in Linux.

This may seem simple from your perspective, but it requires a great deal of
thought and research to do so, and even then, it's often not obvious whether
a particular piece of hardware is "safe".  Also, the simple truth is that
most users don't think about this before purchasing hardware, and we want to
welcome those users to migrate to Ubuntu later if they like.

> >  * Users who are new to Ubuntu have no idea how to install the necessary
> >    packages for building a kernel module
>
> Users new to Ubuntu have no idea how to compile a kernel module.  Installing
> gcc only gets them marginally closer.

This isn't so; users are accustomed to this process from other
distributions, and users who are trying Ubuntu as their first distribution
sometimes receive help from users familiar with other distributions.  It may
seem like a small step, but it makes the difference between being stopped in
one's tracks, or being able to follow a how-to or personal instructions to
get up and running.

> >  * An excessive amount of RAM is needed to install build-essential and
> >    linux-headers in the live CD environment, and we only have enough space
> >    for them either in preinstalled form (for the live session) OR packaged
> >    form (for the installed system), not both
>
> I don't quite understand why gcc makes any difference, there.

The problem is exacerbated by the live CD environment, where packages can
only be installed into memory, and shipping the necessary packages in the
live environment *only* is problematic for the reasons stated above.

--
 - mdz

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Matt Zimmerman-2
In reply to this post by Ricardo Pérez López-2
On Thu, Jun 08, 2006 at 08:39:59PM +0200, Ricardo Pérez López wrote:

> El jue, 08-06-2006 a las 11:02 -0700, Matt Zimmerman escribió:
> > A user requires a driver in order to make effective use of their hardware.
> > One is available, but it isn't included in Ubuntu for whatever reason (it
> > wasn't suitable for release at the time, or didn't support their particular
> > device yet, whatever).  How-to documents are available which explain
> > step-by-step how they can get up and running, but they don't work because of
> > the lack of a compiler.
>
> Sometimes, those how-to documents doesn't work due to the lack of
> firmwares or already precompiled drivers, not for the lack of compilers.
> One example is the support for ADSL USB modems.

In every case I have seen, instructions can be given for finding the
firmware which are not specific to a distribution.  The upstream authors of
drivers are generally not interested in explaining the details of working
with a particular distribution; they want to provide instructions which work
for everyone, and this is difficult when the compiler isn't included.

> What about including the compiler into the installation CD, but don't
> installing it by default? The only difference between this case and the
> lack-of-compiler case could be a simple "sudo apt-get install gcc",
> getting the compiler from the CD and without the need for an internet
> connection.

We've done that since the very first release of Ubuntu.

--
 - mdz

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Andy Rabagliati
In reply to this post by Ricardo Pérez López-2
On Thu, 08 Jun 2006, Ricardo Pérez López wrote:

> What about including the compiler into the installation CD, but don't
> installing it by default? The only difference between this case and the
> lack-of-compiler case could be a simple "sudo apt-get install gcc",
> getting the compiler from the CD and without the need for an internet
> connection.

I think this is best.

There is often firmware needed, downloaded as binaries from warez places.

I am a command-line guy, and I need gcc for other reasons.

(I have source code for the conexant drivers at
        ftp://ftp.wizzy.com/pub/wizzy/
 but I haven't used them myself.)

Cheers,  Andy!

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Matt Zimmerman-2
In reply to this post by Andrew Zajac
On Thu, Jun 08, 2006 at 03:02:07PM -0400, Andrew Zajac wrote:

> On 6/8/06, Matt Zimmerman <[hidden email]> wrote:
>
> >* The most common way to obtain a new driver for a Linux system is
> >  to compile it from C source code
> >
> >* A common reason to install a new driver on a Linux system is to gain
> >  access to the Internet, so support can be difficult to obtain in such a
> >  scenario
> >
> >* A great deal of distribution-agnostic documentation assumes the
> >  availability of gcc
> >
> >* Users who are new to Ubuntu have no idea how to install the necessary
> >  packages for building a kernel module
>
>
> User who are new to linux and are using ubuntu will use the ubuntu
> documentation.  In it, installing build-essential is properly described.

Playing the role of a user looking for gcc, I searched the offline
documentation (yelp) for "gcc", and did not find such instructions.  Even
so, I don't think that adding instructions would fully address the problem.

> It is another step in the process of:
>
> 1- finding out that they need to compile a kernel module to fix a specific
> problem.
> 2- finding out what kernel module to build
> 3- obtaining it (if it is the only way to conect to the net, this is a
> catch-22)
> 4- installing the toolchain and linux-headers package
> 5- building and installing the module.

All of these except step 4 are usually answered by a single document which
applies to all distributions equally.

> Providing build-essential preinstalled will only help users who are familiar
> with linux but not with ubuntu.  Users who expect gcc to be installed may be
> surprised to find it absent, but I am sure they expect it to be easily
> installed, which it is as well as the process being properly documented -
> it's not that big an endeavour for them.
>
> Is this such an important amount of users?  Ubuntu makes a better effort to
> target non-linux-geek users, in comparison to other distros.

I think it is important enough to justify the cost, which is practically
zero.  What reason is there *not* to install it?

> Users who are not familiar with linux will not really expect gcc to be
> present.  The command-line is cryptic enough and they typically will not try
> to grok upstream documentation, but simply cut-and-paste instructions from a
> source of documentation.

Agreed, but having gcc makes those cut-and-paste instructions more portable.

> Can the above five steps be made trivial in some way, either by
> documentation or some sort of frontend to module-assistant?  Would that be a
> better solution to the actual problem?

There are some steps we could take, but it's a complex problem and we won't
solve it completely in the near future.  Meanwhile...

--
 - mdz

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Anders Karlsson-2
In reply to this post by Matt Zimmerman-2
On Thu, 2006-06-08 at 09:44 -0700, Matt Zimmerman wrote:
> I would like to propose that, beginning in Edgy, Ubuntu desktop systems
> (both live and installed) should, by default, include the set of packages
> necessary to compile simple C programs and Linux kernel modules.

[snip]

Having a compiler installed is not wrong, and you already identified
what would be my biggest fear, getting systems compromised and handing
the intruder the tools to carry on on a silver platter.

It can possibly be mitigated by at the same time ensuring that possibly
SELinux is installed and active with a sensible default and there is a
sensibly configured firewall on the system. With the dbus interface, it
should be possible to then highlight to a user if there is something
'funny' going on. It's just a thought.

Kind Regards,

--
Anders Karlsson <[hidden email]>

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Matt Zimmerman-2
On Thu, Jun 08, 2006 at 04:19:30PM -0400, Lee Revell wrote:
> If someone cracks a system don't you think they could just compile on
> their local machine and upload binaries?  I really don't understand the
> argument that having a compiler installed is a security issue.

The concern is about automated attacks, which take advantage of assumptions
about which tools and facilities are available.

--
 - mdz

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Florian Zeitz-2
In reply to this post by Anders Karlsson-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anders Karlsson wrote:

> On Thu, 2006-06-08 at 09:44 -0700, Matt Zimmerman wrote:
>> I would like to propose that, beginning in Edgy, Ubuntu desktop systems
>> (both live and installed) should, by default, include the set of packages
>> necessary to compile simple C programs and Linux kernel modules.
>
> [snip]
>
> Having a compiler installed is not wrong, and you already identified
> what would be my biggest fear, getting systems compromised and handing
> the intruder the tools to carry on on a silver platter.
>
> It can possibly be mitigated by at the same time ensuring that possibly
> SELinux is installed and active with a sensible default and there is a
> sensibly configured firewall on the system. With the dbus interface, it
> should be possible to then highlight to a user if there is something
> 'funny' going on. It's just a thought.
>
> Kind Regards,
>
>

My personal opinion on the security mater is, that on a default desktop
install ubuntu's no open ports policy is used, so there won't be any
possibility for attackers to get in anyway.
Ubuntu-server should certainly not have gcc installed by default.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFEiIj00JXcdjR+9YQRAvUNAJ0envJgIa6nlZCNotUuoJ8U59WdjACfaIRx
tWwoiZWk87OvFGKQyzQWXOg=
=AMGc
-----END PGP SIGNATURE-----

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Reply | Threaded
Open this post in threaded view
|

Re: Installing a compiler by default

Ante Karamatic-2
In reply to this post by Matt Zimmerman-2
On Thu, 8 Jun 2006 09:44:17 -0700
Matt Zimmerman <[hidden email]> wrote:

> I would like to propose that, beginning in Edgy, Ubuntu desktop
> systems (both live and installed) should, by default, include the set
> of packages necessary to compile simple C programs and Linux kernel
> modules.

At least after ubuntu-server install. pppoe-config in Debian/Ubuntu
isn't much of a PPPoE solution. To use rp-pppoe, gcc is needed, and
it's borking/anoying to install build-essential every time I want to
create Ubuntu pppoe router :)

So, +1 from me.

--
Ante Karamatic | 0xD3BDA225 | 0x0A4A0161
[hidden email] | [hidden email] | ivoks.blogspot.com
"Tomorrow is my day off, so please stay off the powder!"

--
ubuntu-devel mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
1234 ... 6