Incoming from Bill Moseley: > On Wed, May 26, 2004 at 03:10:54AM +0300, Micha Feigin wrote: > > I could be a permission issue. I know some systems don't allow > > compiling as a regular user for security reasons so that if crackers > > break in they won't be able to use the local c compiler to build a root > > exploit. > > Can you post a reference to where this "security" configuration is > recommended?
It was common knowledge when I got into this stuff. Pg. 382 of "Unix System Administrator's Bible" has a listing of a short C program that exploits a buffer overflow in Solaris' "ping". Whether it still works, who knows? Usenix' ;login: had an article recently discussing this sort of vulnerability. If you're letting just anyone at your C compiler, you MAY be facilitating exploits. Personally, I'd tend to think that once they're in, all bets are off and locking down the C compiler is the least of your problems. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
