Ronan Mullally wrote:
> As do many rootkits. If somebody gets local access to a server with a
> suite of development tools they're well on their way to rooting the box.
> Removing these tools is simply a good example of security in depth.

You just slow the attack a little bit by removing the compiler. The attacker will probably use statically linked binaries, or compile somewhere else. Most rootkits do not depend on external libraries either, except for kernel modules, of course, which depend on the kernel's source.

But, of course, if they got access to the box, then the compiler is the least of your problems at that time, but I have to admit that the "slowing the attacker down" is an extra layer of protection. It provides the sysadmins/users/monitoring software more time to detect the breach.

--
Arturo "Buanzo" Busleiman - Independent Information Security Consultant
OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599
Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/
