On Sun, 22 Feb 2015 18:17:00 +1300 Kent Fredric <kentfred...@gmail.com> wrote:
> For instance, perhaps a sysadmin simply wants to lock up GCC and make, > having a straight forward way do to that in bashrc would help them > achieve that, without them having to dish out a full ACL/LDAP setup, > and without then needing to retouch the perms manually every install. > And why would anyone want to lock up GCC? If an attacker can execute files he's created himself, he'll always find a way to get a compiler (or at least an assembler) up and running. And if he can't (which *would* be a sensible security feature for which implementations are available, for example grSecurity's TPE) -- well, then the GCC won't be of any help for the attacker, because he can't execute the compiled binary. Not that it matters. :) -- Luis Ressel <ara...@aixah.de> GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD
pgpXbFXj0pClM.pgp
Description: OpenPGP digital signature
