...on Tue, May 02, 2006 at 03:49:26PM +0400, Anton Karpov wrote:
> But what if your system has no compiler? When attacker should compile his
> sploit anywhere, and transfer binary evil code onto your box. E.g. he has to
> have access to the similar machine, maybe with similar OS version and arch.

I know not having a compiler has been considered "secure systems best practice" for a long, long time - but it comes from a distant past when compilers for networked systems were expensive tools, using expensive operating systems on expensive hardware. So you wouldn't have had ready access to a Solaris box with Sun Forte on it to compile things yourself, and that may have been a major obstacle.

In today's world, quickly whipping up a build environment for most systems out there is a no-brainer, and thanks to stuff like qemu you don't even need the appropriate hardware.

In short, it may help to discourage a few low-skill attackers (same as getting rid of perl, for example), at the cost of making your own life as systems administrator so much more tedious. Just isn't worth the trade-off anymore, IMHO.

Alex.