Once upon a time, Jonathan Billings <[email protected]> said: > Is this a best practice? I've heard the argument that one should get > rid of compilers on servers for system security. Also, any additional > packages on a system adds to the number of possible vectors of > attack.
IMHO, this was somewhat true in the past (where there were a dozen or more Unix-derived variations in widespread use), and when attacks were done by hand. Today, attacks are mostly automated bots, and targeting a Unix-like system is almost always targeting Linux. If they can upload source code, they can upload pre-built binaries just as easily. Even if an attack is against a particular kernel version, bots will just try every "known" version of RHEL's kernels, then Ubuntu, etc. I think at this point not having compilers around is more of an inconvenience than any actual security measure. The only thing additional non-privileged packages do is take up more disk space and make updates take longer. -- Chris Adams <[email protected]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
