Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 24/25/26 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 13th July 2017, 08:22 AM
lgsit Offline
Registered User
 
Join Date: Apr 2012
Location: /home/lgsit
Posts: 16
windows_98_nt_2000chrome
Question Is GCC a possible security risk if permanently installed?

Hello,

I've been watching some honeypot videos on YouTube and had a look, how these intruders operate. The malware they try to install is written in different languages such as Perl or C.

For example, Perl and Python interpreters are installed by default (and not only under Fedora), so an intruder can execute his malware scripts "without further effort".

Now, a good friend of mine recommended to avoid GCC to be installed on the system. The question is does that make sense? I mean, if an intruder is inside my system, he can install further software (and he should be able to figure out how) and compile the code.

To cut a long story short, as soon as someone infiltrated my system (worst case scenario), everything can happen and it absolutely does not matter, whether e. g. GCC is installed or not. So, should I avoid GCC installed on my system permanently (or should I install it every time I need it and uninstall again when done)?

Thanks in advance!
Reply With Quote
  #2  
Old 13th July 2017, 08:42 AM
ocratato Online
Registered User
 
Join Date: Oct 2010
Location: Canberra
Posts: 2,573
linuxfirefox
Re: Is GCC a possible security risk if permanently installed?

I think the advice to not have a compiler installed comes from places where allowing the users to build or modify programs would present a problem. Generally you want to make sure everything on a production system has been through formal testing, and a good way to enforce that is to not allow a compiler in the production environment.

As you say, if unauthorised access has been accomplished, then having gcc is rather irrelevant as Python etc can do as much damage. And, normally you still need root to install to places on your path.
__________________
Has anyone seriously considered that it might be turtles all the way down?
That's very old fashioned thinking.
The current model is that it's holographic nested virtualities of turtles, all the way down.
Reply With Quote
  #3  
Old 13th July 2017, 09:45 AM
lgsit Offline
Registered User
 
Join Date: Apr 2012
Location: /home/lgsit
Posts: 16
linuxfirefox
Re: Is GCC a possible security risk if permanently installed?

Thank you for your fast answer!

Yes, root privileges are also required, did not have in mind (also had to work with Ubuntu in the last time where you just have to enter yout user password to get higher privileges). If an intruder has your root password or can exploit something to get these, you're toast anyway.

For example, at work we use RHEL and CentOS, with an absolutely minimalistic set of programs and tools (only the stuff we really need). Furthermore, you have to start a proxy service on another system to gain access to the internet (the systems do not have any "direct" way to the internet).

All our workstations run Fedora, also requires that proxy to gain interet access, but there I needed GCC as well as the kernel sources to compile the real-time protection of an anti-virus software.

At home, I am using e. g. VirtualBox. I used to use the version from the repos, but I had some issues back then (package disappeared after kernel update as far as I remember, but does not matter here). Due to this, I decided to use the version from the website which also requires GCC and the kernel sources.

Of course, a firewall and SELinux are installed on all the systems mentioned above, the latter should also report suspicious activity.

So, that's what I will do:

After upgrading to Fedora 26 I will use the VirtualBox version from the standard repos again and avoid GCC as good as possible or when I need it, uninstall it when done.

Thanks again!
Reply With Quote
Reply

Tags
gcc, installed, permanently, risk, security

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why Are Web Applications a Security Risk? mmix Security and Privacy 1 9th September 2012 02:10 PM
Security risk of an unencrypted /boot partition? zackf Security and Privacy 5 10th April 2009 03:07 PM
Google Analytics security risk Evil_Bert Wibble 4 23rd November 2008 11:59 PM


Current GMT-time: 12:30 (Thursday, 20-07-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat