[CentOS] compilers a security risk?

Mon Mar 8 14:48:11 UTC 2010
m.roth at 5-cent.us <m.roth at 5-cent.us>

> On 3/6/2010 4:04 PM, nate wrote:
>>
>> if you can upload source code,
>> you can upload a precompiled binary
>
> True, but most attacks are automated, and try to attack as wide a range
> of machines as possible.
>
> If I were to write a bit of malware for *ix that needed a custom binary
> on the target machine, I'd at least consider distributing it as C code,
> banking on the fact that most *ix systems have a C compiler installed by
> default these days.
<snip>
Which is why, for the 10 or 11 years that I've used a Linux box as a
firewall router at home, it had almost *nothing* on it, and that was
before I ran Bastille against it. I intended it as a cheap (old hardware,
the second one was scrounged) firewall/router, and *nothing* *else*. So,
when I built it, no compilers, no languages (other than things like perl
and awk and shells), no X... and only one user other than the system users
(me).

           mark