On 8/24/06, Anton Karpov <[EMAIL PROTECTED]> wrote:
Removing compiler doesn't bring much more security to your system, but it can make it a little bit safer. Very little bit, but safer. I mean, if your system has local root hole, for example, in this case cracker should compile his sploit somethere outside your box, and transfer binary file onto it, thus, it takes more time than "cat > /tmp/.slp01t.c && gcc /tmp/.spl01t.c && ./a.out". And usually, crackers limited in time resources.
This patently futile measure contributes zero security to the system and it does not make the system even 'a little bit safer'. Please substantiate your claim based on the security record of a large Redmond-based OS that is distributed sans compiler.
