On Mon, 16 Feb 2009 13:48:04 +0100
Johannes Frandsen <jsf@××××××.dk> wrote:

> I got into a discussion about which server to recommend for running
> the php5 symfony framework, and I recommended Gentoo as I had been
> using it myself for a couple of years and have been very satisfied
> with it.
> Somebody pointed out that having a production server with gcc
> installed was a big no-no security-wise, so I did a bit of googling on
> that topic and found a couple of articles supporting that view.

I suppose it makes sense only in a much broader context: "remove
everything that isn't necessary, even gcc".

It might certainly give an attacker a harder time, but if it's an x86/64 Linux
machine, I think that hardly matters - static binaries won't be a
problem, so, if you're seriously considering that step to be necessary
- get rid of coreutils (especially that 'rm' utility) and all the
interpreters (even awk!) first.

--
Mike Kazantsev // fraggod.net