SEO
vBulletin Search Engine Optimization
| |||||||
![Re: Why no compiler on prod system [Was: Re: How to update httpd without a compiller]](http://unixadmintalk.com/iconimages/f18/re-why-no-compiler-prod-system-re-how-update-httpd-without-compiller_ltr.gif)
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-18-2008, 06:23 AM
| ||||
| ||||
 Re: Why no compiler on prod system [Was: Re: How to update httpd without a compiller] David Terrell wrote: > On Thu, Aug 24, 2006 at 12:38:26PM -0700, Nick Shank wrote: > >> Through all of this, and maybe I've just missed it, what happens when a >> user tries to make spl01t.c? >> > > stop it, please, you're killing me. > > There is nothing special about your machine that makes binaries compiled > somewhere else not be able to use exploits against it. Removing the > compiler does not hurt any serious attacker. If you really care about > defending your machine against idiots who can't figure out how to compile > an exploit on another machine, well, congratulations, you're already > running OpenBSD. > > Earth to Dave, Earth to Dave, there's another soap-box over on 42nd & Main... Erm, right... Regardless, I was simply asking if 1) The possibility of a user who has access to the system had been thought of, and 2) Would it matter. Yes, I install the compXX package. Why? It's convinient. Is it exploitable? Sure, why not. Do I care? No, not really. And please, reply just to the list, and not to me directly...      |
Linear Mode
