[CentOS] compilers a security risk?

m.roth at 5-cent.us m.roth at 5-cent.us
Mon Mar 8 14:48:11 UTC 2010


> On 3/6/2010 4:04 PM, nate wrote:
>>
>> if you can upload source code,
>> you can upload a precompiled binary
>
> True, but most attacks are automated, and try to attack as wide a range
> of machines as possible.
>
> If I were to write a bit of malware for *ix that needed a custom binary
> on the target machine, I'd at least consider distributing it as C code,
> banking on the fact that most *ix systems have a C compiler installed by
> default these days.
<snip>
Which is why, for the 10 or 11 years that I've used a linux box as a
firewall router at home, it had almost *nothing* on it, and that was
before I ran Bastille against it. I intended it as a cheap (old hardware,
the second one was scrounged) firewall/router, and *nothing* *else*. So,
when I built it, no compilers, no languages (other than things like perl
and awk and shells), no X... and only one user other than the system users
(me).

           mark



More information about the CentOS mailing list