On Thu, 15 May 2003, Eric Estabrooks wrote:
>
> > Not having a compiler/interpreter on the system means they _have_ to
> > have pre-compiled static/compatible binaries for the system.
> >
> > This pretty much eliminates cross platform automated attacks, and
> > ensures that _your_ attacker will have to approach your system with
> > the personal attention and TLC that it deserves ;)
> >
>
> Unless you've gotten rid of all shells on the box (bash, ash, tcsh, ...)
> you haven't eliminated cross platform automated attacks at all. The
> fact is if there is any interpreter on the box an automated bootstrap
> can happen.
>
> I agree that not having the compilers on there will slow them down but
> not by much.
>
> Even better is to use any of the kernel security patches that prevent
> executable stacks and watch for buffer overflows, they slow things down
> a little but worth the security if it's a mission critical box.
>

True. For a hard-core firewall box you want to eliminate all GP
scriptable programs from the system.

I do believe that shells qualify as interpreters however (even though
it is easy to forget that they are).

--
Daniel Taylor          dante at argle.org
Forget diamonds, Copyright is forever.

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
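
An added example, not part of the thread and not code from either poster: a script to run on a build host against an unpacked firewall image, listing the shells, other interpreters and compilers still present, plus leftover `#!` scripts that would need one. The function names, name patterns and directory list are assumptions; only bash, ash and tcsh are named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): list shells, other interpreters and
# compilers left in an unpacked firewall image, run from a build host.
# The name patterns and directory list are assumptions; extend them to
# match your distribution.

BIN_DIRS='bin sbin usr/bin usr/sbin usr/local/bin usr/local/sbin'

# classify NAME: print the category of a known tool name, or fail.
classify() {
    case "$1" in
        sh|bash|ash|dash|csh|tcsh|ksh|zsh|busybox) echo shell ;;
        perl|perl5*|python|python[0-9]*|ruby|tclsh*|awk|gawk|mawk) echo interpreter ;;
        gcc|gcc-*|cc|g++|c++|as|ld|tcc|clang) echo compiler ;;
        *) return 1 ;;
    esac
}

# audit_root ROOT: print "category<TAB>path" for every finding under ROOT.
# Symlinks are judged by name only, because an absolute link target would
# resolve against the build host rather than the image.
audit_root() {
    root=${1%/}
    for d in $BIN_DIRS; do
        [ -d "$root/$d" ] || continue
        for f in "$root/$d"/*; do
            [ -L "$f" ] || { [ -f "$f" ] && [ -x "$f" ]; } || continue
            if kind=$(classify "${f##*/}"); then
                printf '%s\t%s\n' "$kind" "$f"
            elif [ ! -L "$f" ] &&
                 [ "$(dd if="$f" bs=2 count=1 2>/dev/null)" = '#!' ]; then
                # A leftover script means something still expects an interpreter.
                printf 'script\t%s\n' "$f"
            fi
        done
    done
    return 0
}
```

Matching is by file name, so a renamed or statically embedded interpreter will not be reported; treat an empty result as a minimum bar rather than proof that nothing scriptable remains.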