Imagine the typical situation: an attacker get non-root access to your system, maybe due to the hole in your network daemon foobard, maybe due to the badly coded cgi, or maybe he is a legitimate shell user. The next his step is to get full privileges, e.g. root account. Let suppose he has a l33t pr1v4t3 spl01t which exploits local vulnerability in your system. He transfers source code to your box, and, with compiler onboard, he ./0wns you. But what if your system has no compiler? When attacker should compile his sploit anywhere, and transfer binary evil code onto your box. E.g. he has to have access to the similar machine, maybe with similas OS version and arch. He has to transfer binary to your box properly, leaving your logfiles silent (it's not so easy to transfer binary file, like text one: cat > sploit.c ^D, right?). Anyhow, it TAKES TIME for him to do the job. Maybe, that's why people think box without compiler is a little bit safer?
2006/5/2, Nick Holland <[EMAIL PROTECTED]>: > > Anton Karpov wrote: > > Maybe, because in some cases, it just takes a bit more time to 0wn your > box > > if it has no compiler installed. > > Bull. > > I've never heard of someone taking over a box using a compiler. After > all, > the compiler is not exposed to the outside world. At most, they build > some > tools on the system AFTER the takeover. But that's hardly the only way to > get those tools on the system. > > scp works very nicely. > ftp works very nicely. > http works very nicely. > > After all...why download and compile tools when you can just download the > pre-compiled tools? If you can't download the pre-compiled binaries, you > won't be downloading the source, either.
