HPE Community
Operating System - HP-UX
1851059 Members
2531 Online
104056 Solutions
New Discussion

Remove bundled c compiler?

 
SOLVED
Go to solution
jmb
Regular Advisor

‎12-10-2003 08:39 AM

‎12-10-2003 08:39 AM

Remove bundled c compiler?

I work in an environment that sometimes expects extra security. I've been asked to see what is involved in removing the bundled c compiler from 11i. I do understand the power of the bundled version is quite limited.

I do not see the compiler included in swlist - maybe I'm not looking the right way?

Is there any other way to delete it than simply removing /usr/bin/cc_bundled? Any other pieces that should come with it?

Thanks - (I assign points).
0 Kudos
Reply
2 REPLIES 2
Sanjay_6
Honored Contributor

‎12-10-2003 08:42 AM

‎12-10-2003 08:42 AM

Re: Remove bundled c compiler?

Hi,

This might mess up your system. The system uses the bundled compiler to compile and rebuild kernel and stuff like that.

Hope this helps.

Regds
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎12-10-2003 08:44 AM

‎12-10-2003 08:44 AM

Solution

Re: Remove bundled c compiler?

Don't do this!!! You will make it impossible to install patches which require a kernel rebuild. You could tighten things up so that only root is able to execute cc and ld. Kernel rebuild are the real reason the bundled c compiler is included; that it is also a very limited development system is gravy. Having a c compiler is not really dangerous as the underlying security is still in place. A C program doing an operation is no more dangerous than other unix utilities UNLESS the user gains root permission and is able to create a setuid program. In that case, the danger was not the C program itself but rather someone allowing him to be root.

If it ain't broke, I can fix that.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.