when last we saw our hero (Wednesday, May 14, 2003), 
 Daniel Taylor was madly tapping out:
> On Wed, 14 May 2003, Matthew S. Hallacy wrote:
> 
> > On Fri, May 09, 2003 at 09:48:19AM -0500, Daniel Taylor wrote:
> >
> > > As security features go it is a pretty good one. I'd like to see
> > > perl gone also. For a production firewall you want nothing that
> > > makes it any easier for an intruder to install software on the
> > > computer than necessary. Of course, this means that you have to
> > > do all of your binary production on a compatible dev system, but
> > > that is as it should be.
> >
> > Until they just scp their statically linked programs in. Not having
> > a compiler on the system does nothing for security.
> >
> It eliminates entire classes of attack. There is no such thing as
> perfect security, but why make it any easier for the bad guys than
> you have to?
> 
> Not having a compiler/interpreter on the system means they _have_ to
> have pre-compiled static/compatible binaries for the system.
> 
> This pretty much eliminates cross platform automated attacks, and
> ensures that _your_ attacker will have to approach your system with
> the personal attention and TLC that it deserves ;)

this might stop the script kiddie - but it's not going to stop a
seasoned pro.  rule one - make sure you have infrastructure to
bootstrap your rootkit independent of access to a compiler, build
yerself infrastructure.  when people pull this logic out it always
cracks me up.  what you really need is an environment that doesn't
support user code.   the pros have the ability to insert statically
linked executables on the fly from their own infrastructure.

 

-- 
steve ulrich                       sulrich at botwerks.org
PGP: 8D0B 0EE9 E700 A6CF ABA7  AE5F 4FD4 07C9 133B FAFC

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list