Explaining the need for a C compiler - to a security group

Mike Wallis mike at dubdubdub.co.uk
Sat Oct 27 11:13:48 CEST 2007

The counter argument i've heard is this:

"but they'd need to compile a module for the specific kernel/OS they  
were attacking"

But with vmware, it's not exactly a lot of effort to have VMs for each  
of the major OSes you're wanting to work with compile remotely and  
then copy the compromised kernel module to the new host.

-- mike

On 26 Oct 2007, at 17:36, Ivan Voras wrote:

> Cryer,Phil wrote:
>> "The days when you could prevent people from running non-approved
>> programs by removing the C compiler from your system ended roughly  
>> with
>> the VAX 11/780 computer."
>> My reply is, if an attacker is on the box and can compile code, you
>> already have more problems to worry about.  What other arguments  
>> could I
>> use?
> Some of the (trivial, probably) arguments that come to my mind:
> - the attacker can bring his own C compiler to the box
> - the attacker can use perl, php, ruby, sh and other interpreters for
> almost everything he can use C for (the big exception is probably  
> kernel
> code).
> <ivoras.vcf>_______________________________________________
> varnish-misc mailing list
> varnish-misc at projects.linpro.no
> http://projects.linpro.no/mailman/listinfo/varnish-misc

More information about the varnish-misc mailing list