Date: Thu, 11 May 2000 15:15:44 -0400 From: matt@csis.gvsu.edu To: Derek Werthmuller <dwerthmu@ctg.albany.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Applying patches with out a compiler Message-ID: <20000511151544.A6826@contempt.badmofo.net> In-Reply-To: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu>; from dwerthmu@ctg.albany.edu on Thu, May 11, 2000 at 03:04:41PM -0400 References: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
It took Derek Werthmuller 17 lines to say:
> I'm interested in applying standard "Release" versions of FreeBSD with out
> using a compiler in the system. I generaly don't advise leaving a working
> compiler in say a firewall or a hardened system. I know that I can have a
> seperate system that I can use to connect via CVS and use that to update the
> hardened systems. But doesn't that just keep my sources up to date and I
> still need to build/build world every so often? Is there another way to
> apply the security related patches ?
How about 'chmod 500 /usr/bin/{cc,ld}' and do your 'make world's as root?
If an attacker has root, using the compiler is the least of your worrys.
--
matt@csis.gvsu.edu
http://www.csis.gvsu.edu/matt
03 F8 23 C5 43 A2 F7 5A 24 49 F7 B0 3A F9 B1 7F
Trying is the first step towards failure - Homer
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000511151544.A6826>