From owner-freebsd-questions  Wed Feb 18 11:33:52 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA20230
          for freebsd-questions-outgoing; Wed, 18 Feb 1998 11:33:52 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA20175
          for <freebsd-questions@FreeBSD.ORG>; Wed, 18 Feb 1998 11:33:26 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by gdi.uoregon.edu (8.8.7/8.8.8) with SMTP id LAA13797;
          Wed, 18 Feb 1998 11:22:53 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Date: Wed, 18 Feb 1998 11:22:53 -0800 (PST)
From: Doug White <dwhite@gdi.uoregon.edu>
Reply-To: Doug White <dwhite@resnet.uoregon.edu>
To: mgraffam@mhv.net
cc: Studded <Studded@san.rr.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: gcc 2.8.0
In-Reply-To: <Pine.LNX.3.96.980217190037.32749A-100000@localhost>
Message-ID: <Pine.BSF.3.96.980218112024.13769F-100000@gdi.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 17 Feb 1998 mgraffam@mhv.net wrote:

> I agree that limited access to the C compiler helps improve the security
> of the system, but you must remember that you are using PC's with a
> free OS. How long do you think it would take for someone to install
> FreeBSD off of CD, get to a shell, compile the exploits they need and
> then upload the binaries to your system? 
> 
> I say 60 minutes, tops.. if the attacker is familiar with FreeBSD.
> I don't think total removal makes much sense on PC's with a free OS.
> There are too many PC's running around, and anyone can get the
> OS.

I bid them good luck on my printserver; there's 2mb left on the disk, and
only telnet, ftp and LPRng are running. :)  And it's a 386/33; compiles
would take hours.  Submitting print jobs takes long enough.

If someone can run your C compiler to compile a program that can break
you, you're already lost.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message