> Not having a compiler/interpreter on the system means they _have_ to
> have pre-compiled static/compatible binaries for the system.
> 
> This pretty much eliminates cross platform automated attacks, and
> ensures that _your_ attacker will have to approach your system with
> the personal attention and TLC that it deserves ;)
> 

Unless you've gotten rid of all shells on the box (bash, ash, tcsh, ...) 
you haven't eliminated cross platform automated attacks at all.  The 
fact is if there is any interpreter on the box an automated bootstrap 
can happen.

I agree that not having the compilers on there will slow them down but 
not by much.

Even better is to use any of the kernel security patches that prevent 
executable stacks and watch for buffer overflows, they slow things down 
a little but worth the security if it's a mission critical box.

Eric


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
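
An added illustration of the point made in the reply above (not part of the original message): a POSIX sh inventory of the shells, script interpreters and compilers that are executable from a set of directories, which shows what removing only the compiler leaves on the box. The function names and the name patterns are assumptions made for this example; extend the patterns for your distribution.

```shell
#!/bin/sh
# Added example: list shells, script interpreters and compilers on a host.
# Matching is by file name only; the patterns are assumptions, not a
# complete catalogue.

# classify NAME: print shell|interpreter|compiler, or return 1 if unknown.
classify() {
    case "$1" in
        sh|bash|ash|dash|ksh|zsh|csh|tcsh|busybox) echo shell ;;
        perl|python|python[23]|python[23].[0-9]*|ruby|ruby[0-9]*) echo interpreter ;;
        php|php[0-9]*|tclsh|tclsh[0-9]*|awk|gawk|mawk|lua|lua[0-9]*) echo interpreter ;;
        cc|gcc|gcc-[0-9]*|g++|g++-[0-9]*|clang|clang-[0-9]*|as|ld|make) echo compiler ;;
        *) return 1 ;;
    esac
}

# audit_dirs DIR...: print "kind<TAB>path" for each executable regular file
# (symlinks are followed) whose name classify() recognises.
audit_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            kind=$(classify "${f##*/}") || continue
            printf '%s\t%s\n' "$kind" "$f"
        done
    done
    return 0
}

# audit_path: run audit_dirs over every directory in $PATH.
audit_path() {
    old_ifs=$IFS; IFS=:
    set -- $PATH            # split PATH on ':' into positional parameters
    IFS=$old_ifs
    audit_dirs "$@"
}

# Report for the current host, grouped by kind.
audit_path | sort
```

Any line tagged `shell` or `interpreter` in the output is something a script can still run on a host with no compiler installed.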