[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Compilers make a system less secure?



Hello Anton,

Tuesday, May 2, 2006, 5:05:10 AM, you wrote:

AK> Maybe, because in some cases, it just takes a bit more time to 0wn
AK> your box if it has no compiler installed.

It's like saying that a handgun makes your house an inherently more
dangerous place. Handguns and compilers are both powerful tools. A
person can kill themselves cleaning a handgun, or open their computer
to insecurities by compiling buggy code, but in both cases, the danger
lies in the user, not in the tool.

I can cut my finger off with my table saw, too, if I am not careful.

On multi-user systems, and on compromised systems, users (legitimate
or otherwise) can import and deploy their own tools.

I figure the real choke point, for limiting system damage, is limiting
who gets to use the system, and after that, what sort of permissions
legitimate users are granted.

An illegitimate user with root permissions is god, and can do anything
they want... and probably will, whether they are provided a compiler,
or not.

I have several compilers installed on my Windows boxes, and those
boxes are still far more secure than the average Windows box, run by
the average Windows user, that does not have a single compiler on
board, simply by virtue of the box being owned and operated by a
non-lame users, on a reasonably well-secured LAN (behind a BSD
firewall).


-wittig http://www.robertwittig.com/
.       http://robertwittig.net/