Should gcc be accessable by others?

Geert Hendrickx geert.hendrickx at ua.ac.be
Thu Jun 17 06:32:19 PDT 2004


I think a better solution would be to mount the user-writable partitions
(/home, /tmp) with option "noexec".  That prevents users from having their own
executables, whether locally compiled or not.  

GH


On Wed, Jun 16, 2004 at 04:08:29PM +0000, j.e.drews at att.net wrote:
> Hi:
> 
>  I see that gcc, g++, and other tools are usable by world (others). I was
>  wondering if that is a bad idea as I read here:
>  http://www.itworld.com/nl/lnx_sec/09242002/pf_index.html
> 
> that the slapper worm used gcc to compile it's exploit.  Excerpt: The worm
> requires gcc to compile the .bugtraq.c file. ....
> 
>  Is it a good idea to change the permisions on the gcc tools to 750 ? I
>  looked through the FreeBSD Handbook and could find no advice on this matter.
>  Also are there other tools that should not be available like strace? How can
>  I find out which ones are potentially exploitable?  I am a newcomer to
>  FreeBSD and have been using it for less than a year so don't be cross if
>  these questions are naive.
> 
>                                  Kind regards,
>                                  Jonathan
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"


More information about the freebsd-questions mailing list