Ronan Mullally wrote:
> As do many rootkits. If somebody gets local access to a server with a
> suite of development tools they're well on their way to rooting the box.
> Removing these tools is simply a good example of security in depth.

You just slow the attack a little bit by removing the compiler. The attacker will probably use
statically linked binaries, or compile somewhere else. Most rootkits do not depend on external
libraries either, except for kernel modules, of course, that depend on the kernel's source.

But, of course, if they got access to the box, then the compiler is the least of your problems at
that time, but I have to admit that the "slowing the attacker down" is an extra layer of protection.
It provides the sysadmins/users/monitoring software more time to detect the breach.

--
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
--
gentoo-server@g.o mailing list