[distcc] some questions

joerg.beyer at email.de joerg.beyer at email.de
Mon Sep 30 12:12:01 GMT 2002

Aaron Lehmann <aaronl at vitelus.com> schrieb am 29.09.02 23:03:04:
> On Sun, Sep 29, 2002 at 10:15:01PM +0200, joerg.beyer at email.de wrote:
> > for xecurity reasons, you should not have a compiler installed
> > on a firewall. A compiler is a powerfull tool for an attacker - so he
> > should not find one on a firewall.
> I'm sorry but this is false. A compiler is NOT a dangerous tool. It is
> entirely unprivileged. An attacker can easily compile code on a
> similar system and upload it to the target system, install a compiler
> on the target system, or build a cross compiler on his/her own system
> if necessary.

well I was reffering to the practice stated as:

Disable or uninstall any unnecessary services and software on the 
firewall that are not specifically required.

you may as well call me paranoid, that's ok for me :-)


More information about the distcc mailing list