On Wed, 14 May 2003, Matthew S. Hallacy wrote: > On Fri, May 09, 2003 at 09:48:19AM -0500, Daniel Taylor wrote: > > > As security features go it is a pretty good one. I'd like to see perl > > gone also. For a production firewall you want nothing that makes it any > > easier for an intruder to install software on the computer than > > necessary. Of course, this means that you have to do all of your binary > > production on a compatible dev system, but that is as it should be. > > Until they just scp their staticly linked programs in. Not having a > compiler on the system does nothing for security. > It eliminates entire classes of attack. There is no such thing as perfect security, but why make it any easier for the bad guys than you have to? Not having a compiler/interpreter on the system means they _have_ to have pre-compiled static/compatible binaries for the system. This pretty much eliminates cross platform automated attacks, and ensures that _your_ attacker will have to approach your system with the personal attention and TLC that it deserves ;) -- Daniel Taylor dante at argle.org Forget diamonds, Copyright is forever. _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list