Re: C Compiler

To: debian-user@lists.debian.org
Subject: Re: C Compiler
From: Bill Moseley <moseley@hank.org>
Date: Wed, 26 May 2004 10:31:21 -0700
Message-id: <[🔎] 20040526173121.GA16646@hank.org>
Mail-followup-to: Bill Moseley <moseley@hank.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 20040526153652.GA12406@infidel.spots.ab.ca>
References: <[🔎] B09D7D6E102FC94EAB4EA40CD4434B0E01C072@uhgmail01.CIMPLIFY.NET> <[🔎] 20040526001054.GJ10355@luna.mooo.com> <[🔎] 20040526150306.GA921@hank.org> <[🔎] 20040526153652.GA12406@infidel.spots.ab.ca>

On Wed, May 26, 2004 at 09:36:52AM -0600, s. keeling wrote:
> Usenix' ;login: had an article recently discussing this sort of
> vulnerability.  If you're letting just anyone at your C compiler, you
> MAY be facilitating exploits.

I suppose any access is more of a security risk.  But if someone can
gain access via a network then it seems like they could also probably
compile a program elsewhere and bring it in also.

> Personally, I'd tend to think that once they're in, all bets are off
> and locking down the C compiler is the least of your problems.

Exactly.

-- 
Bill Moseley
moseley@hank.org

Reply to:

Follow-Ups:
- chmod o-x `which gcc` considered harmful (was Re: C Compiler)
  - From: Jonathan Dowland <jmtd@compsoc.dur.ac.uk>

References:
- C Compiler
  - From: "Edwards, Thomas W." <TWEdwards@cimplify.net>
- Re: C Compiler
  - From: Micha Feigin <michf@post.tau.ac.il>
- Re: C Compiler
  - From: Bill Moseley <moseley@hank.org>
- Re: C Compiler
  - From: "s. keeling" <keeling@spots.ab.ca>

Prev by Date: Re: bookmarks.html
Next by Date: Re: [OT Why GB English is different] Re: Mozilla firefox en-gb
Previous by thread: Re: C Compiler
Next by thread: chmod o-x `which gcc` considered harmful (was Re: C Compiler)
Index(es):
- Date
- Thread