-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sven Vermeulen wrote: > Finding a compiler "dangerous" on a system is overrated imo. If you really > want to restrict the use of the compiler, don't make it world-executable.
Sure, as you said, you can upload all you need to have a rootkit. But it slows down the attacker. It provides a longer window of attacker-unstealthness (?!). In any case, the problem lies in the system being broken-into, and not in it having a compiler. Once the attacker is in, you already have a problem :P Security is a state of the mind. - -- Arturo "Buanzo" Busleiman - www.buanzo.com.ar Consultor en Seguridad Informatica / Dominio Digital TV - Da FOSS man! KTP Consultores - info AT ktpconsultores.com.ar Romper un sistema de seguridad los acerca tanto a ser hackers como el encender autos puenteando los convierte en ingenieros automotrices. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDjE4QAlpOsGhXcE0RArBcAJ4vJhkQkb7u4KhWDgAeFdNI4mTUawCfahqa Z73lNg4V51X1wHUFPOpCmHk= =3FZm -----END PGP SIGNATURE----- -- [email protected] mailing list
