[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-dev
Subject: Re: [gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries
From: Luis Ressel <aranea () aixah ! de>
Date: 2015-02-28 23:08:40
Message-ID: 20150301000840.0fa380f1 () gentp ! lnet
[Download RAW message or body]
On Sun, 22 Feb 2015 18:17:00 +1300
Kent Fredric <kentfredric@gmail.com> wrote:
> For instance, perhaps a sysadmin simply wants to lock up GCC and make,
> having a straight forward way do to that in bashrc would help them
> achieve that, without them having to dish out a full ACL/LDAP setup,
> and without then needing to retouch the perms manually every install.
>
And why would anyone want to lock up GCC? If an attacker can execute
files he's created himself, he'll always find a way to get a compiler
(or at least an assembler) up and running.
And if he can't (which *would* be a sensible security feature for which
implementations are available, for example grSecurity's TPE) -- well,
then the GCC won't be of any help for the attacker, because he can't
execute the compiled binary.
Not that it matters. :)
--
Luis Ressel <aranea@aixah.de>
GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic