Return-Path: X-Original-To: oracle-l@orafaq.com Delivered-To: oracle-l@orafaq.com Received: from puck1183.startdedicated.com (localhost [127.0.0.1]) by puck1183.startdedicated.com (Postfix) with ESMTP id 117A21960198 for ; Tue, 3 Mar 2015 00:25:53 +0100 (CET) Received: from turing.freelists.org (freelists-180.iquest.net [206.53.239.180]) by puck1183.startdedicated.com (Postfix) with ESMTP for ; Tue, 3 Mar 2015 00:25:52 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 5400C2769C; Mon, 2 Mar 2015 18:25:52 -0500 (EST) Authentication-Results: turing.freelists.org; dkim=fail (verification failed; insecure key) header.i=@poderc.com; dkim-adsp=none (insecure policy) X-Virus-Scanned: Debian amavisd-new at turing.freelists.org Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TPKwat21wQem; Mon, 2 Mar 2015 18:25:52 -0500 (EST) Received: from turing.freelists.org (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id EFFF127717; Mon, 2 Mar 2015 18:25:35 -0500 (EST) Received: with ECARTIS (v1.0.0; list oracle-l); Mon, 02 Mar 2015 18:24:14 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 36A9B23BE2 for ; Mon, 2 Mar 2015 18:24:14 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 277U0bqNu5nf for ; Mon, 2 Mar 2015 18:24:14 -0500 (EST) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 7D9C222D7E for ; Mon, 2 Mar 2015 18:24:13 -0500 (EST) Received: by labgq15 with SMTP id gq15so33969928lab.3 for ; Mon, 02 Mar 2015 15:24:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=poderc.com; s=google; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=HH2+KfSJ09d9VX0BVQu7D8USfthLH737BC/twTus2fw=; b=VWdfLCeLK2i4wzzvkzPc9AMtBcg0r2IDyRtA+BIM2XgkR0FWWPigxZw+ctCLD+S2FX dsQlWt4dyYMdiiuB9XPPpWdEz3N46afDl9bQFGE7fUymV19g186jyUSrXoDsmb1bfI29 m4J3j/+y8sOR06o4CoKGHUwU8ZPpP4dZkS+NE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=HH2+KfSJ09d9VX0BVQu7D8USfthLH737BC/twTus2fw=; b=CjVZ10qlYFO2Iyzikk/KAwUgbdb/9TzZrqcKlvZ2CMYKBcMkEs4Y8JeRrZG/DAx3Le mZUh32GUaZw2FSOdhYJ/xA8cDyt2iqfcDMfBLWPajA8YgTjqqXuld3uv/pp3OoAPDmk/ 7JFJC8BNbe997xnRRON2fZsLKqm3oW66z274gVggo3j0CmBUvyyfgMA3hWACLHN6Qgor Jwu0erfVD6rtzYG/QKJKVWj1TIYPwGaSWiiEx3eUp7M5kGVjTpCqyUU6LXka93oaGJ1Z Tlt8ZDsL9Jv3XXTGthVk8WYVpw1bzyQ7IkvC1XkIfJ+40wuCWF+IDcS5BT/j+RfSUV2S gg5w== X-Gm-Message-State: ALoCoQl5maxWkcoMy1L5EHHwHcvr6DXEs+MxAwkWUkzQBAHhPi0fJM0KAShv70SCDhytoD9nSXl9 MIME-Version: 1.0 X-Received: by 10.152.22.33 with SMTP id a1mr26671992laf.79.1425338652352; Mon, 02 Mar 2015 15:24:12 -0800 (PST) Received: by 10.25.42.4 with HTTP; Mon, 2 Mar 2015 15:24:12 -0800 (PST) In-Reply-To: <1211288883.1853437.1425324345912.JavaMail.yahoo@mail.yahoo.com> References: <1211288883.1853437.1425324345912.JavaMail.yahoo@mail.yahoo.com> Date: Mon, 2 Mar 2015 17:24:12 -0600 X-Google-Sender-Auth: R9iz9YexewCQl4z6x2LXvZedTgE Message-ID: Subject: Re: gcc compiler From: Tanel Poder To: ckaj111@yahoo.ca Cc: "oracle-l@freelists.org" Content-Type: multipart/alternative; boundary=089e0158b9360efd150510568469 X-archive-position: 58908 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-to: oracle-l-bounce@freelists.org X-original-sender: tanel@tanelpoder.com Precedence: normal Reply-To: tanel@tanelpoder.com List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: oracle-l X-List-ID: oracle-l List-subscribe: List-owner: List-post: List-archive: X-list: oracle-l --089e0158b9360efd150510568469 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I know this requirement may come from a policy defined by someone else, but I would ask what kind of security risk will be avoided by removing a C compiler (but leaving all other compilers/interpreters like python, perl etc behind?). The usual perceived risk is that someone can compile and run C source on a system with a compiler. But similarly, if one can ship source code to a server and run the compiler binary, one could just ship and run a malicious binary directly. Or run a python script that does the damage. Python, with ctypes for example can call any C-based system library. Tanel On Mon, Mar 2, 2015 at 1:25 PM, Chris King wrote: > Greetings all! > > I=E2=80=99m doing a fresh installation of Oracle 12c and 11g on a new lin= ux RHEL6 > server. Pre-requisites include gcc and gcc-c++ compilers. The system admi= n > wants to remove these compilers after installation because they constitut= e > a security risk. I=E2=80=99m thinking doing so should be okay, as long as= these > compilers are re-installed when Oracle patches are applied. Does anyone > have experience doing this? > > Thanks in advance. > ChrisK > > --089e0158b9360efd150510568469 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I know this requirement may come from a policy defined by = someone else, but I would ask what kind of security risk will be avoided by= removing a C compiler (but leaving all other compilers/interpreters like p= ython, perl etc behind?).=C2=A0

The usual perceived risk= is that someone can compile and run C source on a system with a compiler. = But similarly, if one can ship source code to a server and run the compiler= binary, one could just ship and run a malicious binary directly. Or run a = python script that does the damage. Python, with ctypes for example can cal= l any C-based system library.

Tanel
=C2= =A0

On Mon, = Mar 2, 2015 at 1:25 PM, Chris King <ckaj111@yahoo.ca> wrote:<= br>
Greetings all!
=C2=A0
I=E2=80=99m doing a fresh installation of O= racle 12c and 11g on a new linux RHEL6 server. Pre-requisites include gcc and gcc-c++ compilers. The system admin wants to remove these compilers after installation because they constitute a security risk. I=E2=80=99m thinking doing so should be okay, a= s long as these compilers are re-installed when Oracle patches are applied. Does anyone hav= e experience doing this?
=C2=A0
Thanks in advance.
ChrisK


--089e0158b9360efd150510568469-- -- http://www.freelists.org/webpage/oracle-l