[geeks] Compilers - safe on servers?

der Mouse mouse at Rodents-Montreal.ORG
Mon Mar 2 09:04:16 CST 2009


>> Unless, of course, you have it locked down so tight during normal
>> operation that there _aren't_ a zillion different ways to get a
>> binary from elsewhere onto it, in which case you have a valid point.
> Well for one thing I notice Curl and WGet are both absent.  That's
> one channel out of the window.

Yes...but what about ftp?  telnet?  netcat?  Given a webserver and a
little local access, tweaking the webserver config and doing a PUT?
There probably are several tools that aren't intended for file transfer
but which can be abused for the purpose in a pinch, and all you need is
one small grappling-hook program and the game is over.  (Well, the game
of "don't let outside software onto the machine", at least.)

> If I had the path to gcc set to something that didn't exist I guess
> all it'd do is fall over when anyone tried to compile...

Yes, but if the compiler is there on the machine it can be used, even
if the default paths don't point to it.

But yes, a compiler that isn't there definitely won't run. :)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse at rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
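
An inventory check for the point made in the message above, as an added example that is not part of the original post: it walks the filesystem for compilers and transfer-capable tools instead of trusting `$PATH`. The function names and the binary names `cc` and `nc` are assumptions; the other tool names come from the thread.

```shell
#!/bin/sh
# Added example (not from the original thread): list compilers and
# transfer-capable tools present on disk, whether or not $PATH reaches them.
# "cc" and "nc" are assumed binary names for a C compiler and netcat.
AUDIT_NAMES="gcc cc curl wget ftp telnet netcat nc"

# on_path DIR: succeed if DIR is one of the entries in $PATH.
on_path() {
    case ":$PATH:" in
        *":$1:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_tools ROOT...: print "name<TAB>path<TAB>on-PATH|off-PATH" for every
# owner-executable regular file under the roots whose basename is a watched
# name, or a versioned form of one such as gcc-4.3. Symlinks are skipped; the
# file they point to is reported if its own name matches.
audit_tools() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -xdev -type f -perm -100 2>/dev/null
    done | while IFS= read -r path; do
        base=${path##*/}
        dir=${path%/*}
        for name in $AUDIT_NAMES; do
            case "$base" in
                "$name"|"$name"-[0-9]*)
                    if on_path "$dir"; then state=on-PATH; else state=off-PATH; fi
                    printf '%s\t%s\t%s\n' "$name" "$path" "$state"
                    ;;
            esac
        done
    done
}

# Stand-alone use: sh audit.sh /usr /opt /home
if [ "$#" -gt 0 ]; then
    audit_tools "$@"
fi
```

Any `off-PATH` line is a tool that hiding or breaking the search path did not remove from the machine.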


