On Fri, 2003-01-24 at 20:27, Larry Smith wrote:
> > > You might want to chmod 700 gcc for a bit of extra security - that
> > > RaQFuCk.sh script (or was it the SSL exploit) needs to get hold of gcc to
> > > do its thing.
> >
> > Yup, that's a neat idea. Many UNIX exploits/worms rely on the C
> > compiler, so closing access to it will thwart them. I guess I'd add it
> > to my "quick security guide"...
>
> Just from my "personal" point of view, I chmod 444 the gcc program since any
> exploit that gets "root" level would still have access to gcc under mode 700.
> Under mode 444 it is not "executable" and therefore won't work for anyone
> without changing the mode first, but then again I am "paranoid" (see
> hosts.allow.conf)

If the intruder already has root access, he does not need to compile anything anyway. It seems that a number of exploit scenarios involve getting non-root access, compiling a piece of code and using it to get root access. Not that disabling gcc is a real defence, just a thwart for some ready-to-use exploit scripts.

Eugene
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
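
Added example, not part of the original thread: a POSIX shell audit that reports which permission class is allowed to execute each compiler driver, covering the mode 700 and mode 444 cases discussed above. The function names and the list of driver names (gcc, cc, g++, c++) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit execute permission on compiler drivers.

# exec_class FILE -> prints world | group | owner | none | missing
# find -perm inspects the mode bits themselves (following symlinks with -L),
# so the result does not depend on which user runs the audit.
exec_class() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    for pair in 001:world 010:group 100:owner; do
        bits=${pair%%:*}
        if [ -n "$(find -L "$f" -prune -perm "-$bits" 2>/dev/null)" ]; then
            echo "${pair#*:}"   # widest class holding an execute bit
            return 0
        fi
    done
    echo none                   # no execute bit at all, e.g. mode 444
}

# audit_compilers DIRLIST -> one "class path" line per driver found.
# DIRLIST is colon-separated like PATH. Files are located by name rather
# than with `command -v`, which would skip a driver that has no x bit.
audit_compilers() {
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        for name in gcc cc g++ c++; do   # assumed list of driver names
            if [ -f "${dir:-.}/$name" ]; then
                printf '%s %s\n' "$(exec_class "${dir:-.}/$name")" "${dir:-.}/$name"
            fi
        done
    done
    IFS=$old_ifs
}

audit_compilers "$PATH"
```

A root-owned driver reported as "owner" corresponds to the chmod 700 suggestion, and "none" to chmod 444.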
