Installing a compiler by default
Lee Revell
rlrevell at joe-job.com
Tue Jun 13 17:11:54 BST 2006
On Tue, 2006-06-13 at 02:56 +0200, Florian Diesch wrote:
> Scott Dier <dieman at ringworld.org> wrote:
>
> > Anders Karlsson wrote:
> >> You misunderstand. A C compiler in itself does not compromise security,
> >> and if you phrased the question like that, I'd tell you it was BS as
> >> well. On a system that run services it is bad security practise to
> >> install a compiler, for reasons already explained, and the book Shawn
> >> points you at will reaffirm this.
> >
> > Isn't having a interpreter of any sort just about the same problem?
>
> With an interpreter you can execute code but with a C compiler you can
> much more easily replace libs or kernel modules which is what most
> root kits are doing.
>
Um, the attacker would have to be root already to replace libs or kernel
modules. You've already lost at that point. Game over, man.
Lee
More information about the sounder
mailing list