| 1 |
I happened to browse through a FreeBSD and a CentOS based virtual |
| 2 |
server and was amazed on both occasions as to how slim these machines |
| 3 |
were. I've seen embedded Linux running more processes on hardware |
| 4 |
servers than what these machines were running. In that sense, gcc and |
| 5 |
toolchain will be easily perceived as bloat and potential for |
| 6 |
vulnerabilities and exploitation. In my humble opinion, it is all |
| 7 |
relevant. If you understand SELinux you may want to have a look at |
| 8 |
it. One of these days I promised myself to have a good read of it |
| 9 |
without falling asleep or developing a migraine! :p |
| 10 |
|
| 11 |
The beauty of Gentoo is that you can build it as you want it. |
| 12 |
|
| 13 |
2009/2/16 Mike Kazantsev <mike_kazantsev@×××××××.net>: |
| 14 |
> On Mon, 16 Feb 2009 13:48:04 +0100 |
| 15 |
> Johannes Frandsen <jsf@××××××.dk> wrote: |
| 16 |
> |
| 17 |
>> I got in to a discussion about which server to recommend for running |
| 18 |
>> the php5 symfony framework, and I recommended Gentoo as I had been |
| 19 |
>> using it my self for a couple of years and have been very satisfied |
| 20 |
>> with it. |
| 21 |
>> Somebody pointed out that having a productions server with a gcc |
| 22 |
>> installed was a big no no security wise, so I did a bit of goggling on |
| 23 |
>> that topic and found a couple of articles supporting that view. |
| 24 |
> |
| 25 |
> I suppose it makes sense only in much broader context: "remove |
| 26 |
> everything that isn't necessary, even gcc". |
| 27 |
> |
| 28 |
> It might certainly give attacker a harder time, but if it's x86/64 linux |
| 29 |
> machine, I think that hardly matters - static binaries won't be a |
| 30 |
> problem, so, if you're seriously considering that step to be necessary |
| 31 |
> - get rid of coreutils (especially that 'rm' utility) and all the |
| 32 |
> interpreters (even awk!) first. |
| 33 |
> |
| 34 |
> -- |
| 35 |
> Mike Kazantsev // fraggod.net |
| 36 |
> |
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
-- |
| 41 |
Regards, |
| 42 |
Mick |
Archives