Should gcc be accessable by others?
j.e.drews at att.net
j.e.drews at att.net
Wed Jun 16 09:08:51 PDT 2004
Hi:
I see that gcc, g++, and other tools are usable by world (others). I was wondering if that is a bad idea as I read here:
http://www.itworld.com/nl/lnx_sec/09242002/pf_index.html
that the slapper worm used gcc to compile it's exploit.
Excerpt:
The worm requires gcc to compile the .bugtraq.c file. ....
Is it a good idea to change the permisions on the gcc tools to 750 ? I looked through the FreeBSD Handbook and could find no advice on this matter. Also are there other tools that should not be available like strace? How can I find out which ones are potentially exploitable?
I am a newcomer to FreeBSD and have been using it for less than a year so don't be cross if these questions are naive.
Kind regards,
Jonathan
More information about the freebsd-questions
mailing list