releases and stuff

Robert Connolly robert at linuxfromscratch.org
Mon Nov 15 04:03:35 PST 2004


I'm having trouble understanding how important it is to not have a compiler on 
the system. If a user has write/execute permission anywhere, all they need to 
do is upload a precompiled program. Even if the filesystem is read-only, the 
program can be run from a file descriptor in RAM. Using a second box as a 
compiler seems to be unnecessarily difficult with only superficial gains. If 
a user wants to run their program I don't think a lack of compiler will stop 
them, that's more of an access control issue.

robert

On November 15, 2004 01:47 am, Ryan.Oliver at pha.com.au wrote:
> > Ultimately, because it isn't safe to have devel tools on a system
> > regardless of whether or not they are mounted or not. Putting all the
> > devel in /opt is nice and tidy to some extent.
>
> I must admit I cannot live without some devel tools on my systems.
> Safest way is to keep them in an encrypted loopback filesystem for
> when you do actually need them.
>
> This is generally a file in root's homedir, and mounted in a directory under
> root's homedir.
>
> Not ideal (tools are still there, albeit hard to get at), but it can
> get you out of a bind ;-)
>
> Something to think about anyway...
>
>  Regards
> [R]
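
An added example, not part of the original thread: a small audit for the "write/execute permission anywhere" condition raised above, listing mount points that are mounted read-write without `noexec`. The sample mount table is constructed and the function names are hypothetical; it checks mount options only and does not address the in-memory case the post mentions.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device  mountpoint  fstype  options  dump  pass
SAMPLE_MOUNTS='/dev/hda1 / ext3 ro 0 0
/dev/hda2 /home ext3 rw,nosuid,nodev 0 0
/dev/hda3 /var ext3 rw,noexec,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0'

# writable_exec_mounts (hypothetical name): read a mount table on stdin and
# print every mount point whose options include "rw" but not "noexec".
# Options are compared as whole comma-separated tokens, so a name that merely
# contains "rw" or "noexec" as a substring is not misread.
writable_exec_mounts() {
    awk '{
        n = split($4, opt, ",")
        rw = 0; noexec = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "rw")     rw = 1
            if (opt[i] == "noexec") noexec = 1
        }
        if (rw && !noexec) print $2
    }'
}

# Run the audit over the constructed sample.
# On a live system: writable_exec_mounts < /proc/mounts
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | writable_exec_mounts
}

audit_sample
```

Each mount point it prints still needs a permission check to see which users can actually write there.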


