On Wed, May 26, 2004 at 10:31:21AM -0700, Bill Moseley wrote: > On Wed, May 26, 2004 at 09:36:52AM -0600, s. keeling wrote: > > Usenix' ;login: had an article recently discussing this sort of > > vulnerability. If you're letting just anyone at your C compiler, you > > MAY be facilitating exploits. > > I suppose any access is more of a security risk. But if someone can > gain access via a network then it seems like they could also probably > compile a program elsewhere and bring it in also.
If the binary is +r; it could be copied and +x added; or the entire thing just interpreted through ld $ /lib/ld-2.3.2.so `which gcc` test.c > > Personally, I'd tend to think that once they're in, all bets are off > > and locking down the C compiler is the least of your problems. > > Exactly. Indeed - attempting to lock down binaries like that serves only to instill a false sense of security. -- Jon Dowland -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]