I manage a web hosting server that we've recently upgraded, in part so we could accommodate a domain that will enable community mapping. In a recent exchange of mails one developer said:

"I could build the package directly on the server machine you have, provided that the potential security risk posed by having compilers installed is not an issue."

and another said:

"What sort of security risk is there in having compilers installed on a working server?

"Obviously we can remove the compilers, however when Mapserver or postgis get updated, we will need to build new packages somewhere. One option: create a second VM for mapchat. We'll put the build environment on it, and only turn it on to make new packages."

I don't have enough experience to assess the security issues. Does anyone have an opinion on this? It would be simple and feasible to allocate another domain as suggested above.

Dave

-- 
"It is no measure of health to be well adjusted to a profoundly sick society." Krishnamurti
Dave Stevens wrote:
> I don't have enough experience to assess the security issues. Does
> anyone have an opinion on this? It would be simple and feasible to
> allocate another domain as suggested above.

Unless you're running an obscure platform, having a compiler on the system shouldn't be a big deal: if you can upload source code, you can upload a precompiled binary.

nate
On Sat, Mar 6, 2010 at 6:02 PM, Dave Stevens <geek at uniserve.com> wrote:
> I don't have enough experience to assess the security issues. Does
> anyone have an opinion on this? It would be simple and feasible to
> allocate another domain as suggested above.

The compilers themselves aren't really a security risk, but IF someone gets into your system, there's no need to provide them with tools they can use to do their dastardly deeds. I'm a minimalist when it comes to my production systems. Not having extraneous packages on the system means (ostensibly) less patching and fewer applications with potential holes, which in turn means less surface area to attack, etc.

-- 
During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
On Sat, Mar 6, 2010 at 6:02 PM, Dave Stevens <geek at uniserve.com> wrote:
> I manage a web hosting server that we've recently upgraded, in part so
> we could accommodate a domain that will enable community mapping. In a
> recent exchange of mails one developer said:
>
> "I could build the package directly on the server machine you have,
> provided that the potential security risk posed by having compilers
> installed is not an issue."
>
> and another said:
>
> "What sort of security risk is there in having compilers installed on a
> working server?
>
> "Obviously we can remove the compilers, however when Mapserver or postgis
> get updated, we will need to build new packages somewhere. One option:
> create a second VM for mapchat. We'll put the build environment on it,
> and only turn it on to make new packages."
>
> I don't have enough experience to assess the security issues. Does
> anyone have an opinion on this? It would be simple and feasible to
> allocate another domain as suggested above.

Just playing Devil's advocate there... It's conceivable that there could be kernel-specific code that would need to be compiled specifically for a particular system. For example, an exploit in a kernel module loader may need to be compiled. If someone had to deliver this exploit to many systems they could rely upon the ability to compile the code rather than pushing a binary module. The former could very well be hidden in some other vector, but the latter would likely trip off signature or other scanners.

I'd generally agree with the others though that in itself installing the compilers is not a great security risk, provided it's sufficiently locked down (e.g., maybe use selinux in addition to basic Unix permissions to prevent running from the web accounts, etc.).
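The lockdown suggested at the end of this message (keep the toolchain for package builds, but make it unusable from the web accounts) can be audited and applied with a few lines of POSIX shell. The script below is an added example, not code from anyone in this thread: the list of tool names is an assumption (a typical GNU toolchain), and the directory it audits in the demo is a constructed stand-in for /usr/bin so the script runs offline without touching a real system. The SELinux half of the suggestion is not covered here.

```sh
#!/bin/sh
# Added example (not from the thread): find build tools that any account on
# the host can execute, then restrict them to owner and group.
set -u

# Assumed toolchain names for a typical GNU userland; adjust for your distro.
BUILD_TOOLS="gcc cc g++ c++ cpp as ld make"

# list_exposed_tools DIR
# Print, one per line, each build tool in DIR whose "other execute" bit is
# set. find -perm -001 (POSIX octal form) matches only when that bit is on.
list_exposed_tools() {
    dir=$1
    for tool in $BUILD_TOOLS; do
        f="$dir/$tool"
        if [ -f "$f" ] && [ -n "$(find "$f" -perm -001)" ]; then
            printf '%s\n' "$tool"
        fi
    done
}

# count_exposed_tools DIR: number of exposed tools, printed as a bare integer.
count_exposed_tools() {
    list_exposed_tools "$1" | wc -l | tr -d ' '
}

# restrict_tools DIR [GROUP]
# Remove read/execute for "other" on every build tool present in DIR. If a
# GROUP is given and exists, the files are assigned to it too, so your admin
# or build account keeps working while the web server's account is locked out.
# File modes never stop root; this only narrows what ordinary users can run.
restrict_tools() {
    dir=$1
    grp=${2:-}
    for tool in $BUILD_TOOLS; do
        f="$dir/$tool"
        if [ -f "$f" ]; then
            if [ -n "$grp" ] && getent group "$grp" >/dev/null 2>&1; then
                chgrp "$grp" "$f"
            fi
            chmod o-rx "$f"
        fi
    done
    return 0
}

# make_sample_dir
# Constructed stand-in for /usr/bin in a temporary directory: fake gcc, cc and
# make installed world-executable (mode 755, as packages usually ship them),
# plus an unrelated tool (ls) that the audit must ignore. Prints the path.
make_sample_dir() {
    d=$(mktemp -d)
    for name in gcc cc make ls; do
        printf '#!/bin/sh\necho fake %s\n' "$name" > "$d/$name"
        chmod 755 "$d/$name"
    done
    printf '%s\n' "$d"
}

# Demo: audit the sample directory, lock it down, audit again.
demo() {
    d=$(make_sample_dir)
    echo "exposed before: $(count_exposed_tools "$d")"   # 3
    restrict_tools "$d"
    echo "exposed after:  $(count_exposed_tools "$d")"   # 0
    rm -rf "$d"
}

demo
```

On a real host you would run `list_exposed_tools /usr/bin` from a cron job or your configuration management to catch a package upgrade that silently resets modes, and `restrict_tools /usr/bin builders` once with a dedicated group, so the build account stays a member and the httpd user does not. Since the web accounts are rarely the file owner, removing the "other" bits is what actually denies them; checking only owner permissions would miss the exposure.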
Dave Stevens wrote:
> I manage a web hosting server that we've recently upgraded, in part so
> we could accommodate a domain that will enable community mapping. In a
> recent exchange of mails one developer said:
>
> "I could build the package directly on the server machine you have,
> provided that the potential security risk posed by having compilers
> installed is not an issue."

That's how the "Internet Worm" spread.

As a general principle, machines on the "periphery" or what one might call "firewall machines" should have nothing installed which they don't need in order to perform their primary intended function. That means both hardware and software, IMO. The less which is there, the fewer potentials for compromise exist. No services should run which aren't necessary for the functioning of the machine. Don't even install them unless you have to, but don't enable/start them if you install them.

I would install rkhunter and tripwire, and I would peruse their logs.

Mike

-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!