OpenSolaris software management
Robert Brockway
robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
Sun Jun 13 21:29:24 UTC 2010
On Fri, 11 Jun 2010, William Muriithi wrote:
> Second, do you guys run production server with compilers installed? I
> have a very strong dislike for gcc on production system, but when I
> google for most solution related to open solaris, solution seem to
> always imply compiling stuff and therefore gcc. Never a good idea as
> far as security is concerned. Make it trivially easy to get rooted in
> my opinion.
That certainly was 'conventional wisdom' for a long time and with good
reason. Back when most systems online were proprietary systems on various
architectures (say 15-20 years ago) then you could really slow an attacker
down by preventing them from compiling on your system.
Now that there are far fewer architectures in common use, and fewer OSes
I'd argue that removing the compiler offers little advantage. Few
exploits involve compiling code locally these days.
There is a concept which I call the principal of minimum software which
says you should not install any software that you don't need[1] but I
don't believe the compiler requires any special treatment anymore.
[1] http://practicalsysadmin.com/wiki/index.php/Minimum_Software
Cheers,
Rob
--
Email: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org Linux counter ID #16440
IRC: Solver (OFTC & Freenode)
Web: http://www.practicalsysadmin.com
Open Source: The revolution that silently changed the world
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list