[NTLUG:Discuss] Secure a system by securing GCC..
Bug Hunter
bughuntr at one.ctelcom.net
Mon Jul 1 13:18:38 CDT 2002
not unless you also locked down ftp so no one could bring in an external
binary. Both the server and the client. and don't forget rsh, and don't
forget lynx and links, and don't forget scp and don't forget mail and ....
you get the picture.
actualy, gcc is not much of a security risk, as its output (a program)
has to take advantage of an existing security risk somewhere else.
setuid is an operation that root should only be able to perform.
look up chattr. that protects programs against accidental modification
by even root.
On Mon, 1 Jul 2002, Richard Geoffrion wrote:
> I had an idea that sounds good, but I thought I'd run it by you guys.
>
> If execute rights to the GCC (and/or other directories) were revoked to all
> but the root user, wouldn't that reduce the chance of damage by keeping
> someone from compiling code to elevate their priveledges should they make it
> in?
>
> -R
More information about the Discuss
mailing list