From: Damien Miller (djmmindrot.org)
Date: Tue May 02 2006 - 01:21:19 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2 May 2006, josh wrote:

> Hello...
>
> Some people seem to think that installing a compiler inherently makes
> their system less secure... despite never being able to cite any
> actual reasons why.
>
> Personally, I really dont see how a compiler is going to lessen
> security, particuarly when they are used to patch the system, But I
> was wondering what people here thought?

Some people think that compilers give an attacker extra tools with which
they can escalate privilege once they have gained access to a system.
Such people typically ignore an attacker's ability to compile source on
a different system and upload it, or their ability upload a compiler
directly.

-d

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]