> <..> Normally on a system which needs to be secure you don't
> have any compiler <..>

Oh no.. Not this again.

Having a compiler on the system _does NOT matter_!

What? You think it's bad if an attacker can compile stuff on your server? If you know you won't find an attacker _before_ he's playing with your compiler, you should be more worried about your perimeter.

If I put myself in the attacker's perspective, I would never compile exploit source code on a cracked server. I would use obfuscated binaries, nothing else, as this would further lessen the odds of discovery.

Doesn't OpenBSD ship with a compiler? It does. Applying patches to source code and compiling it is even the recommended way of keeping your system up to date.

A compiler is not a security risk.

// Daniel

--
gentoo-security@g.o mailing list