I think a better solution would be to mount the user-writable partitions (/home, /tmp) with option "noexec". That prevents users from having their own executables, whether locally compiled or not.
GH On Wed, Jun 16, 2004 at 04:08:29PM +0000, [EMAIL PROTECTED] wrote: > Hi: > > I see that gcc, g++, and other tools are usable by world (others). I was > wondering if that is a bad idea as I read here: > http://www.itworld.com/nl/lnx_sec/09242002/pf_index.html > > that the slapper worm used gcc to compile it's exploit. Excerpt: The worm > requires gcc to compile the .bugtraq.c file. .... > > Is it a good idea to change the permisions on the gcc tools to 750 ? I > looked through the FreeBSD Handbook and could find no advice on this matter. > Also are there other tools that should not be available like strace? How can > I find out which ones are potentially exploitable? I am a newcomer to > FreeBSD and have been using it for less than a year so don't be cross if > these questions are naive. > > Kind regards, > Jonathan > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"