Re: C Compiler

To: debian-user@lists.debian.org
Subject: Re: C Compiler
From: "s. keeling" <keeling@spots.ab.ca>
Date: Wed, 26 May 2004 09:36:52 -0600
Message-id: <[🔎] 20040526153652.GA12406@infidel.spots.ab.ca>
In-reply-to: <[🔎] 20040526150306.GA921@hank.org>
References: <[🔎] B09D7D6E102FC94EAB4EA40CD4434B0E01C072@uhgmail01.CIMPLIFY.NET> <[🔎] 20040526001054.GJ10355@luna.mooo.com> <[🔎] 20040526150306.GA921@hank.org>

Incoming from Bill Moseley:
> On Wed, May 26, 2004 at 03:10:54AM +0300, Micha Feigin wrote:
> > I could be a permission issue. I know some systems don't allow
> > compiling as a regular user for security reasons so that if crackers
> > break in they won't be able to use the local c compiler to build a root
> > exploit.
> 
> Can you post a reference to where this "security" configuration is
> recommended?

It was common knowledge when I got into this stuff.  Pg. 382 of "Unix
System Administrator's Bible" has a listing of a short C program that
exploits a buffer overflow in Solaris' "ping".  Whether it still
works, who knows?

Usenix' ;login: had an article recently discussing this sort of
vulnerability.  If you're letting just anyone at your C compiler, you
MAY be facilitating exploits.

Personally, I'd tend to think that once they're in, all bets are off
and locking down the C compiler is the least of your problems.

-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)               http://www.spots.ab.ca/~keeling 
- -

Reply to:

Follow-Ups:
- Re: C Compiler
  - From: Bill Moseley <moseley@hank.org>

References:
- C Compiler
  - From: "Edwards, Thomas W." <TWEdwards@cimplify.net>
- Re: C Compiler
  - From: Micha Feigin <michf@post.tau.ac.il>
- Re: C Compiler
  - From: Bill Moseley <moseley@hank.org>

Prev by Date: extended character sets
Next by Date: Re: Replicating Debian Systems
Previous by thread: Re: C Compiler
Next by thread: Re: C Compiler
Index(es):
- Date
- Thread