> > But what if your system has no compiler? When attacker should compile his
> > sploit anywhere, and transfer binary evil code onto your box. E.g. he has to
> > have access to the similar machine, maybe with similar OS version and arch.
>
> I know not having a compiler has been considered "secure systems
> best practice" for a long, long time - but it comes from a distant
> past when compilers for networked systems were expensive tools,

I can keep quiet no longer :-) Here is the definitive answer to the question. This does indeed come from long ago, but not from any of the reasons yet stated.

Back in the old days when the only access to a system was by a modem to a login prompt, and there was no networking available to make things easy, the only way to get a binary on to a machine was to somehow enter it from the keyboard (or equivalent, e.g. pulling it in via tip's ~ escapes).

The thought was that if there was no way to compile a source file, and no way to, say, turn a hex file into binary (i.e. programs like uudecode were also removed), then it was impossible to create a working binary because you could not simply cat > file with binary characters.

This sort of worked for a little while, until people worked out how to write executable programs consisting solely of printable ASCII text :-) Although to be honest it was never much protection anyway, as there were several other workarounds you could easily find.

It was also only useful in some very restricted environments where you were allowing people a shell but restricting them to specific turnkey commands. Some people also used it as a backup safety mechanism for completely captured environments, so that if they broke out and got a shell, they couldn't do anything with it.

As you all know there are *far* better ways of doing this now, and indeed there probably were even at the time. But as someone who was there at the time, I can assure you that this is where the myth of not installing a compiler for security reasons came from.

Graham