Explaining the need for a C compiler - to a security group

[Ivan Voras]

Cryer,Phil wrote:

> "The days when you could prevent people from running non-approved
> programs by removing the C compiler from your system ended roughly with
> the VAX 11/780 computer."

> My reply is, if an attacker is on the box and can compile code, you
> already have more problems to worry about.  What other arguments could I
> use?

Some of the (trivial, probably) arguments that come to my mind:

- the attacker can bring his own C compiler to the box
- the attacker can use perl, php, ruby, sh and other interpreters for
almost everything he can use C for (the big exception is probably kernel
code).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ivoras.vcf
Type: text/x-vcard
Size: 232 bytes
Desc: not available
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20071026/1d944944/attachment-0002.vcf>