
List:       gentoo-dev
Subject:    Re: [gentoo-dev] Policies for games dirs, new group "gamestat" for sgid binaries
From:       Luis Ressel <aranea () aixah ! de>
Date:       2015-02-28 23:08:40
Message-ID: 20150301000840.0fa380f1 () gentp ! lnet


On Sun, 22 Feb 2015 18:17:00 +1300
Kent Fredric <kentfredric@gmail.com> wrote:

> For instance, perhaps a sysadmin simply wants to lock up GCC and make,
> having a straightforward way to do that in bashrc would help them
> achieve that, without them having to dish out a full ACL/LDAP setup,
> and without then needing to retouch the perms manually every install.
> 

And why would anyone want to lock up GCC? If an attacker can execute
files he's created himself, he'll always find a way to get a compiler
(or at least an assembler) up and running.

And if he can't (which *would* be a sensible security feature for which
implementations are available, for example grSecurity's TPE) -- well,
then the GCC won't be of any help for the attacker, because he can't
execute the compiled binary.

Not that it matters. :)

-- 
Luis Ressel <aranea@aixah.de>
GPG fpr: F08D 2AF6 655E 25DE 52BC  E53D 08F5 7F90 3029 B5BD
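
Added example, not part of the original message and not grsecurity's code: a simplified model of the TPE-style rule mentioned above, under which a file may only be executed if its parent directory is owned by a trusted uid and is not group- or world-writable. The function names and the `trusted_uid` parameter are assumptions made for illustration.

```python
import os
import stat


def tpe_allows(path, trusted_uid=0):
    """Return (allowed, reason) for executing `path` under a TPE-style rule.

    Simplified model (assumption): only the parent directory is checked.
    It must be owned by `trusted_uid` and writable by nobody else.
    """
    parent = os.path.dirname(os.path.realpath(path))
    st = os.stat(parent)
    if st.st_uid != trusted_uid:
        return False, f"{parent} is owned by uid {st.st_uid}, not {trusted_uid}"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, f"{parent} is group- or world-writable"
    return True, f"{parent} is a trusted directory"


def audit(paths, trusted_uid=0):
    """Apply the rule to several candidate paths; the files need not exist."""
    return {p: tpe_allows(p, trusted_uid) for p in paths}


if __name__ == "__main__":
    # Constructed sample paths: a system binary and a freshly compiled
    # binary dropped into a world-writable directory.
    for path, (ok, reason) in audit(["/usr/bin/env", "/tmp/a.out"]).items():
        print(f"{'ALLOW' if ok else 'DENY '} {path}: {reason}")
```

With such a rule in force, whatever a compiler writes into /tmp or a home directory is denied at exec time, which is the point made above about locking up GCC being beside the point.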

