SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-05-2008, 09:48 AM
| ||||
| ||||
 Securing Visual Age C++ compiler on production AIX? We have a product that we want to install on our production servers which requires Visual Age C++ to be installed as well. We don't normally allow compilers on production AIX (5.3) boxes, but in this case, there appears to be no way around it. Is there a way we can configure either the compiler or use controls in AIX to secure the use of the compiler and restrict it only to use by the application that requires it? Again, we're talking Unix here, essentially, and I personally don't know of any way to do this (esp. if root is compromised), but I'm not a huge AIX junkie, so I thought I would ask. Thanks! /usr/ceo      |
|
01-05-2008, 09:49 AM
| ||||
| ||||
| Re: Securing Visual Age C++ compiler on production AIX? newsbot@cox.net wrote: > We have a product that we want to install on our production servers > which requires Visual Age C++ to be installed as well. We don't > normally allow compilers on production AIX (5.3) boxes, but in this > case, there appears to be no way around it. Does the desired product require the VAC++ compiler, or just the runtime? > Is there a way we can configure either the compiler or use controls in > AIX to secure the use of the compiler and restrict it only to use by > the application that requires it? Again, we're talking Unix here, > essentially, and I personally don't know of any way to do this (esp. if > root is compromised), but I'm not a huge AIX junkie, so I thought I > would ask. You can try a non-default install (install vaccpndi.* first), putting the compiler where you want it. If the application runs with different authority (set-UID) you can set the ownership of the compiler to that user ID and turn off other permissions. Alternatively, you could reconsider why you're so concerned about a compiler on a production box. Your users better be running the app of interest only, or if this is a server, your users can't get to the compiler anyway. I can't imagine any scenario that isn't fundamentally a problem with either the users or security. |
Linear Mode
