Should gcc be accessable by others?
Geert Hendrickx
geert.hendrickx at ua.ac.be
Thu Jun 17 06:32:19 PDT 2004
I think a better solution would be to mount the user-writable partitions
(/home, /tmp) with option "noexec". That prevents users from having their own
executables, whether locally compiled or not.
GH
On Wed, Jun 16, 2004 at 04:08:29PM +0000, j.e.drews at att.net wrote:
> Hi:
>
> I see that gcc, g++, and other tools are usable by world (others). I was
> wondering if that is a bad idea as I read here:
> http://www.itworld.com/nl/lnx_sec/09242002/pf_index.html
>
> that the slapper worm used gcc to compile it's exploit. Excerpt: The worm
> requires gcc to compile the .bugtraq.c file. ....
>
> Is it a good idea to change the permisions on the gcc tools to 750 ? I
> looked through the FreeBSD Handbook and could find no advice on this matter.
> Also are there other tools that should not be available like strace? How can
> I find out which ones are potentially exploitable? I am a newcomer to
> FreeBSD and have been using it for less than a year so don't be cross if
> these questions are naive.
>
> Kind regards,
> Jonathan
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list