Date: Tue, 17 Feb 1998 19:10:15 -0500 (EST)
From: mgraffam@mhv.net
To: Studded <Studded@san.rr.com>
Cc: Doug White <dwhite@resnet.uoregon.edu>, freebsd-questions@FreeBSD.ORG
Subject: Re: gcc 2.8.0
Message-ID: <Pine.LNX.3.96.980217190037.32749A-100000@localhost>
In-Reply-To: <34EA1F5F.FBF8F285@san.rr.com>

On Tue, 17 Feb 1998, Studded wrote:

> > Blowing it away is OK. I did it pretty quickly on a 40MB printserver I
> > put together last week.
> >
> > rm /usr/bin/gcc /usr/bin/cc /usr/libexec/cc1plus ....
> > rm -rf /usr/include

I agree that limited access to the C compiler helps improve the security
of the system, but you must remember that you are using PCs with a free
OS. How long do you think it would take for someone to install FreeBSD
off of CD, get to a shell, compile the exploits they need and then upload
the binaries to your system? I say 60 minutes, tops.. if the attacker is
familiar with FreeBSD.

I don't think total removal makes much sense on PCs with a free OS. There
are too many PCs running around, and anyone can get the OS. Removing the
compiler on an SGI machine makes more sense.. but even then, I have access
to shells on SGI machines.. and I'd assume a lot of other people do too.

I think that a better approach is to make a "devel" group or something
similar, and make all the development junk, includes, the compiler and
what not all group devel owned. Then remove all perms for other users..
then only root and g devel guys can access the compiler. We hope that root
and g devel can be trusted. I don't like root too much either, but hey..
that's UNIX.

Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Two things fill the mind with ever new and increasing admiration and awe
the more often and steadily we reflect upon them: the starry heavens
above and the moral law within me. I do not seek or conjecture either of
them as if they were veiled obscurities or extravagances beyond the horizon
of my vision; I see them before me and connect them immediately with the
consciousness of my existence." - Immanuel Kant "Critique of Practical Reason"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
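
The "devel" group approach described in the message above, as an added example that is not part of the original e-mail: one function hands the toolchain paths to the group and strips every permission bit for other users, and a second audits the result. The function names are hypothetical, the group is assumed to exist already, and the paths in the usage comment are the ones from the quoted `rm` commands.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# restrict_to_group GROUP PATH...
# Give each path (recursively) to GROUP and remove all access for "other".
# Missing paths are reported and skipped so one absent file does not abort the run.
restrict_to_group() {
    group="$1"; shift
    for path in "$@"; do
        [ -e "$path" ] || { echo "skip (missing): $path" >&2; continue; }
        chgrp -R "$group" "$path" || return 1
        chmod -R o-rwx "$path" || return 1
    done
}

# audit_other_access GROUP PATH...
# Print every entry that "other" can still read, write or execute, or that is
# not owned by GROUP. Symlinks are ignored because their own mode bits are not
# what gets checked on access. Empty output means the paths are locked down.
audit_other_access() {
    group="$1"; shift
    for path in "$@"; do
        [ -e "$path" ] || continue
        find "$path" ! -type l \
            \( -perm -004 -o -perm -002 -o -perm -001 -o ! -group "$group" \) \
            -print
    done
}

# Usage as root, assuming a group named "devel" has been created:
#   restrict_to_group devel /usr/bin/gcc /usr/bin/cc /usr/libexec/cc1plus /usr/include
#   audit_other_access devel /usr/bin/gcc /usr/bin/cc /usr/libexec/cc1plus /usr/include
```

Re-run the audit after system upgrades or compiler reinstalls, since installing files again typically restores their default owner and mode.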