On Mon, 16 Feb 2009 13:48:04 +0100
Johannes Frandsen <j...@imento.dk> wrote:

> I got into a discussion about which server to recommend for running
> the php5 symfony framework, and I recommended Gentoo as I had been
> using it myself for a couple of years and have been very satisfied
> with it.
> Somebody pointed out that having a production server with gcc
> installed was a big no-no security-wise, so I did a bit of googling on
> that topic and found a couple of articles supporting that view.

I suppose it makes sense only in much broader context: "remove
everything that isn't necessary, even gcc".

It might certainly give an attacker a harder time, but if it's an x86/64
Linux machine, I think that hardly matters - static binaries won't be a
problem, so, if you're seriously considering that step to be necessary -
get rid of coreutils (especially that 'rm' utility) and all the
interpreters (even awk!) first.

-- 
Mike Kazantsev // fraggod.net
