From owner-freebsd-security Thu May 11 12:13:35 2000
Delivered-To: freebsd-security@freebsd.org
Received: from turing.csis.gvsu.edu (turing.csis.gvsu.edu [148.61.162.181])
    by hub.freebsd.org (Postfix) with SMTP id 99EE637B809
    for ; Thu, 11 May 2000 12:13:31 -0700 (PDT)
    (envelope-from matt@csis.gvsu.edu)
Received: (qmail 30111 invoked by uid 0); 11 May 2000 19:13:30 -0000
Received: from pm490-34.dialip.mich.net (HELO contempt.badmofo.net) (198.110.188.92)
    by csis.gvsu.edu with SMTP; 11 May 2000 19:13:30 -0000
Received: (qmail 6863 invoked by uid 500); 11 May 2000 19:15:44 -0000
From: matt@csis.gvsu.edu
Date: Thu, 11 May 2000 15:15:44 -0400
To: Derek Werthmuller
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Applying patches with out a compiler
Message-ID: <20000511151544.A6826@contempt.badmofo.net>
References: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu>; from dwerthmu@ctg.albany.edu on Thu, May 11, 2000 at 03:04:41PM -0400
X-my-OS-is-better-than-your-OS: FreeBSD 4.0-STABLE i386
X-suspicion-breeds: confidence
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It took Derek Werthmuller 17 lines to say:
> I'm interested in applying standard "Release" versions of FreeBSD without
> using a compiler in the system. I generally don't advise leaving a working
> compiler in say a firewall or a hardened system. I know that I can have a
> separate system that I can use to connect via CVS and use that to update the
> hardened systems. But doesn't that just keep my sources up to date and I
> still need to build/build world every so often? Is there another way to
> apply the security related patches?

How about 'chmod 500 /usr/bin/{cc,ld}' and do your 'make world's as root?
If an attacker has root, using the compiler is the least of your worries.

--
matt@csis.gvsu.edu
http://www.csis.gvsu.edu/matt
03 F8 23 C5 43 A2 F7 5A 24 49 F7 B0 3A F9 B1 7F
Trying is the first step towards failure - Homer