Re: We want to stop systemd from being added to docker images, because of rpm requiring systemctl.

On 29.04.2014 20:51, Chris Adams wrote:
> Once upon a time, Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx> said:
>> You're considering only the escalation way to do it, but there are
>> other ways to exploit code lying around, like when some web pages
>> don't sanitize the URL enough and end up allowing executing
>> something in the system, much like sql injection. In those cases,
>> one could craft URLs to run wget or any other tool that may help the
>> intruder get even more inside.
> 
> Down that path lies madness.  Are you going to remove /bin/sh?  If not,
> virtually anything else is possible

wrong question - is /bin/sh used?
if the answer is yes then the answer to your question is no

the point is to remove anything *unneeded* from production systems
that has been best practice for many years and for good reasons

anything which is not present can't make trouble

* security
* things get enabled by bugs
* wasted space (keep backups in mind, especially off-site backups)
* possible dependency problems

on cloud-systems (to play bullshit-bingo) or simply virtualized
infrastructure you pay multiple times for any overhead and if
the case happens that you pay for a security problem this is
also multiplied

that's why on hardened systems mostly customized packages are
installed and the most interesting outputs of ./configure --help
are the ones starting with "--without" and "--disable"

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
