Re: gcc compiler

From: Tanel Poder <tanel_at_tanelpoder.com>
Date: Mon, 2 Mar 2015 17:24:12 -0600
Message-ID: <CAMHX9JKJnBeYeyZGjA7DX-VehMroKBbTD5+3Q2D2nMxNb==dVQ_at_mail.gmail.com>



I know this requirement may come from a policy defined by someone else, but I would ask what kind of security risk will be avoided by removing a C compiler (but leaving all other compilers/interpreters like Python, Perl, etc. behind)?

The usual perceived risk is that someone can compile and run C source on a system with a compiler. But similarly, if one can ship source code to a server and run the compiler binary, one could just ship and run a malicious binary directly. Or run a Python script that does the damage. Python, with ctypes for example, can call any C-based system library.

Tanel

On Mon, Mar 2, 2015 at 1:25 PM, Chris King <ckaj111_at_yahoo.ca> wrote:

> Greetings all!
>
> I’m doing a fresh installation of Oracle 12c and 11g on a new Linux RHEL6
> server. Pre-requisites include gcc and gcc-c++ compilers. The system admin
> wants to remove these compilers after installation because they constitute
> a security risk. I’m thinking doing so should be okay, as long as these
> compilers are re-installed when Oracle patches are applied. Does anyone
> have experience doing this?
>
> Thanks in advance.
> ChrisK
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Mar 03 2015 - 00:24:12 CET
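
An inventory check that makes the point of the reply above concrete, as an added example that is not part of the original thread: it lists which compilers and interpreters are present in a set of PATH directories and shows Python reaching libc through ctypes with no compiler involved. The tool list and all function names are assumptions chosen for illustration, and a POSIX host is assumed.

```python
import ctypes
import os

# Assumed, non-exhaustive tool names; extend for the host being reviewed.
CODE_RUNNERS = {
    "compiler": ["gcc", "g++", "cc", "clang"],
    "interpreter": ["python", "python3", "perl", "ruby", "php", "bash", "sh", "awk"],
}


def find_code_runners(path_dirs):
    """Return {category: sorted executable paths} found in the given directories."""
    found = {category: [] for category in CODE_RUNNERS}
    for directory in path_dirs:
        for category, names in CODE_RUNNERS.items():
            for name in names:
                candidate = os.path.join(directory, name)
                # Regular file with any execute bit set.
                if os.path.isfile(candidate) and os.stat(candidate).st_mode & 0o111:
                    found[category].append(candidate)
    return {category: sorted(paths) for category, paths in found.items()}


def compilers_are_only_runner(found):
    """True only when compilers are the sole code-execution tools found.

    Pre-built binaries copied to the host are outside what this inventory sees.
    """
    return bool(found["compiler"]) and not found["interpreter"]


def libc_getpid_via_ctypes():
    """Call libc's getpid() from Python; no compiler is involved (POSIX assumed)."""
    libc = ctypes.CDLL(None)  # dlopen(NULL): symbols already loaded in this process
    return libc.getpid(), os.getpid()


if __name__ == "__main__":
    found = find_code_runners(os.environ.get("PATH", "").split(os.pathsep))
    for category, paths in found.items():
        print(f"{category}: {len(paths)} found")
        for path in paths:
            print(f"  {path}")
    print("compilers are the only runner:", compilers_are_only_runner(found))
    print("libc getpid vs os.getpid:", libc_getpid_via_ctypes())
```

Run on the server before and after the compiler packages are removed; the interpreter list is what the removal leaves untouched.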
