| 1 |
On Mon, 16 Feb 2009 13:48:04 +0100 |
| 2 |
Johannes Frandsen <jsf@××××××.dk> wrote: |
| 3 |
|
| 4 |
> I got in to a discussion about which server to recommend for running |
| 5 |
> the php5 symfony framework, and I recommended Gentoo as I had been |
| 6 |
> using it my self for a couple of years and have been very satisfied |
| 7 |
> with it. |
| 8 |
> Somebody pointed out that having a productions server with a gcc |
| 9 |
> installed was a big no no security wise, so I did a bit of goggling on |
| 10 |
> that topic and found a couple of articles supporting that view. |
| 11 |
|
| 12 |
I suppose it makes sense only in much broader context: "remove |
| 13 |
everything that isn't necessary, even gcc". |
| 14 |
|
| 15 |
It might certainly give attacker a harder time, but if it's x86/64 linux |
| 16 |
machine, I think that hardly matters - static binaries won't be a |
| 17 |
problem, so, if you're seriously considering that step to be necessary |
| 18 |
- get rid of coreutils (especially that 'rm' utility) and all the |
| 19 |
interpreters (even awk!) first. |
| 20 |
|
| 21 |
-- |
| 22 |
Mike Kazantsev // fraggod.net |
Archives