Re: C Compiler
Incoming from Bill Moseley:
> On Wed, May 26, 2004 at 03:10:54AM +0300, Micha Feigin wrote:
> > I could be a permission issue. I know some systems don't allow
> > compiling as a regular user for security reasons so that if crackers
> > break in they won't be able to use the local c compiler to build a root
> > exploit.
>
> Can you post a reference to where this "security" configuration is
> recommended?
It was common knowledge when I got into this stuff. Pg. 382 of "Unix
System Administrator's Bible" has a listing of a short C program that
exploits a buffer overflow in Solaris' "ping". Whether it still
works, who knows?
Usenix' ;login: had an article recently discussing this sort of
vulnerability. If you're letting just anyone at your C compiler, you
MAY be facilitating exploits.
Personally, I'd tend to think that once they're in, all bets are off
and locking down the C compiler is the least of your problems.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling
- -
Reply to: