On Friday 04 January 2008 05:55:49 pm riley.marquis@xxxxxxxxxxxxxxx wrote: > In regards to the GCC lockdowns, it was my understanding that sometimes > hackers use our own compilers against us by logging in as a normal user, > using gcc to build their hacktools, and then using the built tools to > compromise root. Is this something that is no longer done? Just curious. It's still done, but it's not really common. The system is probably going to have Python, Perl, or both if it's anything but a very stripped-down box. That's something normally seen only in some sort of high-security context, where Fedora really wouldn't be the distro of choice. The level of pain in removing either of these would be large, considering the Python-based admin tools, Python being used in support of HP printers (if hesiod is still used), Perl being used for LogWatch, etc. Given that level of pain, an attacker can have high confidence in the interpreters being present, and can use either language to write something like a simplistic HTTP client, and in turn download whatever cracking tools you need. That's assuming you can't grab them with more conventional tools, such as ftp, wget, curl, scp, etc., which are also highly likely to be present. About the only defense against that is to disallow originating connections from the system via firewall. Again, not something you'd commonly see on a Fedora installation. In summary, if this level of protection were required, you a) likely would not be using Fedora, and b) would have many other tools to remove first, in security cost/benefit order. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
