Re: Compilers make a system less secure?
- To: misc_(_at_)_openbsd_(_dot_)_org, ab_(_at_)_lists_(_dot_)_gxis_(_dot_)_de
- Subject: Re: Compilers make a system less secure?
- From: Graham Toal <gtoal_(_at_)_gtoal_(_dot_)_com>
- Date: Tue, 02 May 2006 09:46:01 -0500
> > But what if your system has no compiler? When attacker should compile his
> > sploit anywhere, and transfer binary evil code onto your box. E.g. he has to
> > have access to the similar machine, maybe with similar OS version and arch.
> I know not having a compiler has been considered "secure systems
> best practice" for a long, long time - but it comes from a distant
> past when compilers for networked systems were expensive tools,

I can keep quiet no longer :-)

Here is the definitive answer to the question.

This does indeed come from long ago, but not
from any of the reasons yet stated.

Back in the old days when the only access to a system was
by a modem to a login prompt, and there was no networking
available to make things easy, the only way to get a
binary on to a machine was to somehow enter it from the
keyboard (or equivalent, e.g. pulling it in via tip's ~ escapes).

The thought was that if there was no way to compile a
source file, and no way to, say, turn a hex file into binary
(i.e. programs like uudecode were also removed) then
it was impossible to create a working binary because
you could not simply cat > file with binary characters.

This sort of worked for a little while, until people
worked out how to write executable programs consisting
solely of printable ASCII text :-)

Although to be honest it was never much protection
anyway, as there were several other workarounds you
could easily find.

It was also only useful in some very restricted environments
where you were allowing people a shell but restricting
them to specific turnkey commands. Some people also
used it as a backup safety mechanism for completely
captured environments, so that if they broke out and got
a shell, they couldn't do anything with it.

As you all know there are *far* better ways of doing this
now, and indeed there probably were even at the time.

But as someone who was there at the time, I can assure you
that this is where the myth of not installing a compiler
for security reasons came from.