On Tuesday 02 May 2006 19:49, Anton Karpov wrote: > But what if your system has no compiler? When attacker should compile his > sploit anywhere, and transfer binary evil code onto your box. E.g. he has > to have access to the similar machine, maybe with similas OS version and > arch. He has to transfer binary to your box properly, leaving your logfiles > silent (it's not so easy to transfer binary file, like text one: cat > > sploit.c ^D, right?). Anyhow, it TAKES TIME for him to do the job.
"Oh my God! OpenBSD on x86? Man, where will I ever find and compile an executable for such an esoteric hardware platform. I'll just give up" Yeah, that will happen. How would that take more time than getting a shell, "uploading" source code and compiling it, anyway? > Maybe, that's why people think box without compiler is a little bit safer? Maybe they are not thinking at all. --- Lars Hansson
