Installing a compiler by default
Scott Dier
dieman at ringworld.org
Thu Jun 8 18:24:11 BST 2006
Rocco Stanzione wrote:
> I once avoided getting hit by slapper, in spite of a vulnerable apache+openssl
> server, by having gcc executable only by myself. For Ubuntu, we could make
> this a group permission or UID=1000. This doesn't help if the user's account
> is compromised, but can help prevent compromised services (like apache) from
> using gcc.
>
If this is done please ensure that it is highly configurable through
debconf -- I install compilers with broken UID spaces based on legacy
NIS configurations.
Thanks,
--
Scott Dier <dieman at ringworld.org>
More information about the ubuntu-devel
mailing list