Header image

Servers Don't Need Compilers

In the real world, burglars will frequently break into an attached garage instead of breaking into the house directly. Even if the house has an alarm system, the garage often does not. And the owner of the home usually has provided the burglar with lots of nice tools to break into the main house...

Even if your server daemon is running unprivileged, it still may be able to write files to the local disk. Then an attacker can use the compiler on the local machine to put together an exploit (perhaps even a kernel exploit) tailored just for your machine. The more tools you have lying around on the system, the greater the chance an attacker may find a use for it.


[Prev]   [Up]   [Next]