On Sat, Jul 21, 2012 at 6:36 PM, Nelson Marques
add a compiler and you will make the day for any attacker who managed to get through. Next step is only 5 lines of assembly for kernel exploit and then you have root ;)
If only for the simple reason of not installing useless things, I agree that splitting devel packages is good. However, that statement there has never found favor with me. Having done security workshops and having successfully exploited buffer overruns, sql injection and the like, I have never needed the target system to have a compiler. I usually injected machine code, and if I needed to build complex programs and deliver them, I'd build them in my own system, not the target system. So... really... I'd like to understand... does any security expert also believe installing a compiler into a system to be a security issue? Why? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org