Explaining the need for a C compiler - to a security group

Cryer,Phil Phil.Cryer at edwardjones.com
Fri Oct 26 17:53:25 CEST 2007

Can anyone provide a more business sensitive response to "Isn't having a
C compiler on a prod box a security problem"?  While I am in complete
agreement with the listed response:

"The days when you could prevent people from running non-approved
programs by removing the C compiler from your system ended roughly with
the VAX 11/780 computer."

I'm looking for a bit more sensitive response, as I know my security
department is going to come back on this as I move into testing Varnish
against Squid in the next environment.  (Varnish is so much faster, and
does exactly what we want with far less config than Squid - we're really
pushing it!)

My reply is, if an attacker is on the box and can compile code, you
already have more problems to worry about.  What other arguments could I


 If you are not the intended recipient of this message (including attachments), or if you have received this message in error, immediately notify us and delete it and any attachments.  If you no longer wish to receive e-mail from Edward Jones, please send this request to messages at edwardjones.com.  You must include the e-mail address that you wish not to receive e-mail communications.  For important additional information related to this e-mail, visit www.edwardjones.com/US_email_disclosure

More information about the varnish-misc mailing list