Re: Security Changes For Fedora 9

On Friday 04 January 2008 05:55:49 pm riley.marquis@xxxxxxxxxxxxxxx wrote:
> In regards to the GCC lockdowns, it was my understanding that sometimes
> hackers use our own compilers against us by logging in as a normal user,
> using gcc to build their hacktools, and then using the built tools to
> compromise root.  Is this something that is no longer done?  Just curious.

It's still done, but it's not really common. The system is probably going to 
have Python, Perl, or both if it's anything but a very stripped-down box. 
That's something normally seen only in some sort of high-security context, 
where Fedora really wouldn't be the distro of choice. The level of pain in 
removing either of these would be large, considering the Python-based admin 
tools, Python being used in support of HP printers (if hesiod is still used), 
Perl being used for LogWatch, etc.

Given that level of pain, an attacker can have high confidence in the 
interpreters being present, and can use either language to write something 
like a simplistic HTTP client, and in turn download whatever cracking tools 
you need. That's assuming you can't grab them with more conventional tools, 
such as ftp, wget, curl, scp, etc., which are also highly likely to be 
present. About the only defense against that is to disallow originating 
connections from the system via firewall. Again, not something you'd commonly 
see on a Fedora installation.

In summary, if this level of protection were required, you a) likely would not 
be using Fedora, and b) would have many other tools to remove first, in 
security cost/benefit order.



--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list
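
An added example, not part of the original message: a POSIX shell inventory of the tool classes the message names, showing what is still present on a host once the compiler alone is removed. The category labels, the function names and the `python3` entry are assumptions of this example.

```shell
#!/bin/sh
# Tool names come from the message; category labels and python3 are assumptions.
COMPILERS="gcc"
INTERPRETERS="python python3 perl"
TRANSFER="ftp wget curl scp"

# find_tool NAME DIRLIST: print the first executable NAME in a colon-separated
# directory list (same layout as $PATH); return 1 if it is not present.
find_tool() {
    name=$1
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while the list is split
    for dir in $2; do
        if [ -n "$dir" ] && [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            IFS=$old_ifs; set +f
            return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# audit_tools DIRLIST: one "category name path" line per tool that is present.
audit_tools() {
    for entry in "compiler:$COMPILERS" "interpreter:$INTERPRETERS" "transfer:$TRANSFER"; do
        category=${entry%%:*}
        for tool in ${entry#*:}; do
            if path=$(find_tool "$tool" "$1"); then
                printf '%s %s %s\n' "$category" "$tool" "$path"
            fi
        done
    done
}

# remaining_without_compiler DIRLIST: number of interpreters and transfer
# tools that would still be present after removing every compiler.
remaining_without_compiler() {
    audit_tools "$1" | awk '$1 != "compiler" { n++ } END { print n + 0 }'
}

# Stand-alone use: audit the current PATH.
audit_tools "$PATH"
```

A non-zero count from `remaining_without_compiler "$PATH"` on a host where gcc has been removed is the situation the message describes.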