2006/8/24, Stephan A. Rickauer <[EMAIL PROTECTED]>: > > People from time to time say they don't want to have a compiler > installed on a productive system due to security issues. I don't > understand this. Isn't is too late anyway, if someone's already able to > make use of the compiler? > > -- >
Removing compiler doesn't bring much more security to your system, but it can make it a little bit safer. Very little bit, but safer. I mean, if your system has local root hole, for example, in this case cracker should compile his sploit somethere outside your box, and transfer binary file onto it, thus, it takes more time than "cat > /tmp/.slp01t.c && gcc /tmp/.spl01t.c && ./a.out". And usually, crackers limited in time resources.
