HPE Community
Operating System - HP-UX
1753487 Members
4556 Online
108794 Solutions
New Discussion юеВ

Is there a way of restricting the access of compilers to only root users? (in my case it's cc).

 
gfette75
Occasional Visitor

тАО10-09-2018 10:31 AM

тАО10-09-2018 10:31 AM

Is there a way of restricting the access of compilers to only root users? (in my case it's cc).

Hello to all.

I have a quick question regarding the cc compilers I see I have on my old HP-UX machines (11.23 and 11.31). I was just told that I should "restrict" the access for compilers just to root, I checked and I was able to compile a hello world! program, so I was trying to find out if there's a way of restricting this other than just chamod 700 to the cc?

dalhda50:/root# type cc
cc is a tracked alias for /usr/bin/cc

dalhda50:/root# ls -ld /usr/bin/cc
lrwxr-xr-t 1 root sys 15 Jun 22 2010 /usr/bin/cc -> /usr/ccs/bin/cc

 

Thank you very much.

Regards,

Gustavo.-

 

0 Kudos
Reply
5 REPLIES 5
Dennis Handly
Acclaimed Contributor

тАО10-09-2018 11:07 AM - edited тАО10-09-2018 11:49 AM

тАО10-09-2018 11:07 AM - edited тАО10-09-2018 11:49 AM

Re: Is there a way of restricting the access of compilers to only root users? (in my case it's cc).

Yes, you could use "chmod og-rx /usr/ccs/bin/cc_bundled" to prevent access.

0 Kudos
Reply
gfette75
Occasional Visitor

тАО10-09-2018 11:31 AM

тАО10-09-2018 11:31 AM

Re: Is there a way of restricting the access of compilers to only root users? (in my case it's cc).

Hi, thanks for the answer. Yes I already did that:

$ ls -ld /usr/ccs/bin/cc
lrwxr-xr-x 1 bin bin 12 Jun 22 2010 /usr/ccs/bin/cc -> ./cc_bundled
$ ls -ld /usr/ccs/bin/cc_bundled
-rwx------ 1 bin bin 400852 Mar 26 2004 /usr/ccs/bin/cc_bundled

$ cc -V
ksh: cc: cannot execute


$ cc hello_world.c -o hello_world.exe
ksh: cc: cannot execute

 

Doesn't work as regular user ID.

 

I was trying to see if there wasn't any other ways other than chmod, but I guess this could work.

 

Regards,

Gustavo.-

0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО10-09-2018 01:29 PM - edited тАО10-09-2018 01:29 PM

тАО10-09-2018 01:29 PM - edited тАО10-09-2018 01:29 PM

Re: Is there a way of restricting the access of compilers to only root users? (in my case it's cc).

> I was trying to see if there wasn't any other ways other than chmod,
> [...]

      man setacl

   If "root" is to be the only allowed user, then setacl may do no more
for you than chmod.  (But, if you _really_ hate chmod, ...)

0 Kudos
Reply
gfette75
Occasional Visitor

тАО10-10-2018 06:11 AM

тАО10-10-2018 06:11 AM

Re: Is there a way of restricting the access of compilers to only root users? (in my case it's cc).

Hi, thanks for answering. I do not have problems with chmod, I just wanted to know if there were another way, the same way you can add users to /etc/ftpusers to not allow them to use ftp.

 

Best regards.

Gustavo.-

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО10-14-2018 09:35 PM

тАО10-14-2018 09:35 PM

Re: Is there a way of restricting the access of compilers to only root users? (in my case it's cc).

> the same way you can add users to /etc/ftpusers to not allow them to use ftp.

No, using the compiler is not usually a security issue.

And the bundled C compiler is not for development.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.