Nelson Marques wrote:
So... really... I'd like to understand... does any security expert also believe installing a compiler into a system to be a security issue? Why?
I'm not a security expert, but compilers are banned on production servers in nearly all places I know; kernel modules are handled with 'weak-updates' and so far it's doing the job well. The closest to a compiler that we allow in production is JDK, other than that, no gcc or friends :)
It depends on site policy. Most security people I know say that if the person has gotten as far as being able to log in to your system, it's game over -- compilers make little difference at that point. The incremental security benefit of not having compilers on a system is minor -- NOT that I would advise putting development tools on an outward-facing web server -- BUT, I'd generally advise against putting any software on it not needed for its job, as each piece adds exponential complexity.
I've never worked on a system that's been hacked into and all of them have had full development tools on them, but my security policy, for the most part, doesn't provide services for untrusted clients. They got interactive shell? They can download premade binaries for your machine or attack tools not needing compilation.
With security, it's never '1 thing', everything is about mitigation, with a minimum of 3 overlapping layers per vector. I'd say that was far more important than whether or not the machine has compilers. The three layers ideally should be by different vendors and run on different HW -- i.e. no interdependencies. You could go so far as to disallow interactive users from running a shell, with updates to the webserver done via shared files run over a VPN over IPSEC. Again, a factor of 10x or more in risk reduction vs. disallowing compiler presence.