
Bug#150557: marked as done (gcc: can gcc default group and permissions be altered?)



Your message dated Thu, 20 Jun 2002 12:32:51 -0400
with message-id <20020620163251.GA26460@nevyn.them.org>
and subject line Bug#150557: gcc: can gcc default group and permissions be altered?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Jun 2002 15:46:24 +0000
>From kyoder@shcorp.com Thu Jun 20 10:46:24 2002
Return-path: <kyoder@shcorp.com>
Received: from (pangaea.shcorp.com) [67.97.0.82] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 17L48d-0007yF-00; Thu, 20 Jun 2002 10:46:24 -0500
Received: from pc95.shcorp.com (mail@pc95.shcorp.com [10.10.1.95])
	by pangaea.shcorp.com (8.12.1/8.12.1/Debian -5) with ESMTP id g5KFjS0L005787;
	Thu, 20 Jun 2002 11:45:28 -0400
Received: from kyoder by pc95.shcorp.com with local (Exim 3.35 #1 (Debian))
	id 17L47j-0001vb-00; Thu, 20 Jun 2002 11:45:27 -0400
From: Kurt Yoder <kybug@shcorp.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gcc: can gcc default group and permissions be altered?
X-Mailer: reportbug 1.50
Date: Thu, 20 Jun 2002 11:45:27 -0400
Message-Id: <E17L47j-0001vb-00@pc95.shcorp.com>
Sender: Kurt Yoder <kyoder@shcorp.com>
X-MailScanner: Found to be clean
Delivered-To: submit@bugs.debian.org

Package: gcc
Version: 2:2.95.4-14
Severity: normal
Tags: security

In thinking of ways to lock down my system, I was looking at the
compiler permissions, etc. gcc is installed with owner root.root and
permissions 755. This allows anyone who is logged in to use it. Is it
possible to instead make a group "compiler" and change gcc to owner
root.compiler, permissions 750? Or perhaps this can be a debconf option
when installing gcc for people who are concerned about this issue?



-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pc95 2.4.17-k7 #2 Sat Dec 22 22:03:49 EST 2001 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages gcc depends on:
ii  cpp                          2:2.95.4-14 The GNU C preprocessor.
ii  cpp-2.95                     1:2.95.4-7  The GNU C preprocessor.
ii  gcc-2.95                     1:2.95.4-7  The GNU C compiler.


---------------------------------------
Received: (at 150557-done) by bugs.debian.org; 20 Jun 2002 16:32:57 +0000
>From drow@crack.them.org Thu Jun 20 11:32:57 2002
Return-path: <drow@crack.them.org>
Received: from crack.them.org [65.125.64.184] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 17L4rh-0002VX-00; Thu, 20 Jun 2002 11:32:57 -0500
Received: from 01-040.118.popsite.net ([66.19.120.40] helo=nevyn.them.org)
	by crack.them.org with asmtp (Exim 3.12 #1 (Debian))
	id 17L4rY-0007ns-00; Thu, 20 Jun 2002 11:32:49 -0500
Received: from drow by nevyn.them.org with local (Exim 3.35 #1 (Debian))
	id 17L4rb-0007aH-00; Thu, 20 Jun 2002 12:32:51 -0400
Date: Thu, 20 Jun 2002 12:32:51 -0400
From: Daniel Jacobowitz <dan@debian.org>
To: Kurt Yoder <kybug@shcorp.com>, 150557-done@bugs.debian.org
Subject: Re: Bug#150557: gcc: can gcc default group and permissions be altered?
Message-ID: <20020620163251.GA26460@nevyn.them.org>
References: <E17L47j-0001vb-00@pc95.shcorp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E17L47j-0001vb-00@pc95.shcorp.com>
User-Agent: Mutt/1.5.1i
Delivered-To: 150557-done@bugs.debian.org

On Thu, Jun 20, 2002 at 11:45:27AM -0400, Kurt Yoder wrote:
> Package: gcc
> Version: 2:2.95.4-14
> Severity: normal
> Tags: security
> 
> In thinking of ways to lock down my system, I was looking at the
> compiler permissions, etc. gcc is installed with owner root.root and
> permissions 755. This allows anyone who is logged in to use it. Is it
> possible to instead make a group "compiler" and change gcc to owner
> root.compiler, permissions 750? Or perhaps this can be a debconf option
> when installing gcc for people who are concerned about this issue?

This is not and can not be a bug.

You gain nothing by preventing the use of a compiler; I recommend you
to any good security forum for an explanation of why.  If you give the
user a shell they can manage to get their own compiled binaries into
the system; and if you don't they can't run the compiler.

-- 
Daniel Jacobowitz                           Carnegie Mellon University
MontaVista Software                         Debian GNU/Linux Developer

