releases and stuff
robert at linuxfromscratch.org
Mon Nov 15 04:03:35 PST 2004
I'm having trouble understanding how important it is to not have a compiler on
the system. If a user has write/execute permission anywhere, all they need to
do is upload a precompiled program. Even if the filesystem is read-only the
program can be run from a file descriptor in RAM. Using a second box as a
compiler seems to be unnecessarily difficult with only superficial gains. If
a user wants to run their program I don't think a lack of compiler will stop
them, that's more of an access control issue.
On November 15, 2004 01:47 am, Ryan.Oliver at pha.com.au wrote:
> > Ultimately, because it isn't safe to have devel tools on a system
> > regardless of whether or not they are mounted or not. Putting all the
> > devel in /opt is nice and tidy to some extent.
> I must admit I cannot live without some devel tools on my systems.
> Safest way is to keep them in an encrypted loopback filesystem for
> when you do actually need them.
> This is generally a file in root's homedir, and mounted in a directory under
> root's homedir.
> Not ideal (tools are still there, albeit hard to get at), but it can
> get you out of a bind ;-)
> Something to think about anyway...
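
The access-control point raised in this message can be checked from the mount table. The following is an added example, not part of the original thread: it lists filesystems that are mounted writable without noexec, which are the places an uploaded binary could be run from with no compiler involved. The sample mount table, the function names and the pseudo-filesystem list are constructed for illustration.

```python
# Added example (not from the original post): find mounts that are both
# writable and executable, using text in /proc/mounts format.

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 ro 0 0
/dev/hda2 /home ext3 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/hda3 /var ext3 rw,noexec,nosuid 0 0
proc /proc proc rw 0 0
"""

# Kernel pseudo-filesystems that do not hold user-supplied files (assumed list).
PSEUDO_FS = {"proc", "sysfs", "devpts", "securityfs", "debugfs"}


def parse_mounts(text):
    """Return (mountpoint, fstype, options-set) for each well-formed line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # skip blank, short or commented lines
        _device, mountpoint, fstype, opts = fields[:4]
        # /proc/mounts escapes spaces in paths as \040
        mountpoint = mountpoint.replace("\\040", " ")
        entries.append((mountpoint, fstype, set(opts.split(","))))
    return entries


def writable_exec_mounts(text):
    """Mountpoints mounted rw without noexec, sorted by path."""
    findings = []
    for mountpoint, fstype, opts in parse_mounts(text):
        if fstype in PSEUDO_FS:
            continue
        if "rw" in opts and "noexec" not in opts:
            findings.append(mountpoint)
    return sorted(findings)


if __name__ == "__main__":
    # On a live Linux system, pass open("/proc/mounts").read() instead.
    for path in writable_exec_mounts(SAMPLE_MOUNTS):
        print("writable and executable:", path)
```

Mount options only say what the filesystem allows; whether a given user can actually write there still depends on directory permissions, and noexec does not address the in-memory execution mentioned in the message.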