| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
Ronan Mullally wrote: |
| 5 |
> As do many rootkits. If somebody gets local access to a server with a |
| 6 |
> suite of development tools they're well on their way to rooting the box. |
| 7 |
> Removing these tools is simply a good example of security in depth. |
| 8 |
|
| 9 |
You just slow the attack a little bit by removing the compiler. The attacker will probably use |
| 10 |
statically linked binaries, or compile somewhere else. Most rootkits do not depend on external |
| 11 |
libraries, neither, except for kernel modules, of course, that depend on the kernel's source. |
| 12 |
|
| 13 |
But, of course, if they got access to the box, then the compiler is the least of your problems at |
| 14 |
that time, but I have to admit that the "slowing the attacker down" is an extra layer of protection. |
| 15 |
It provides the sysadmins/users/monitoring software more time to detect the breach. |
| 16 |
|
| 17 |
- -- |
| 18 |
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica |
| 19 |
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599 |
| 20 |
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/ |
| 21 |
-----BEGIN PGP SIGNATURE----- |
| 22 |
Version: GnuPG v1.4.7 (GNU/Linux) |
| 23 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 24 |
|
| 25 |
iD8DBQFGUa54AlpOsGhXcE0RCv2JAJ9FBW3UVp/LHa0utGFAcjSoD94fVwCeINiK |
| 26 |
94XbD11OieY31dQM6M4/URY= |
| 27 |
=4HBQ |
| 28 |
-----END PGP SIGNATURE----- |
| 29 |
-- |
| 30 |
gentoo-server@g.o mailing list |
Archives