Posted by Andrew on July 23, 2006, 6:37 pm
Neil Jones wrote:
> Hello,
>
> I have been assigned to perform a security review for an HPUX system
> which is in production. One thing I have noticed is that the system has
> a C compiler on the system. Since this is not a development system I
> suggested that it be removed. The sysadmin mentioned that it is
> required to perform kernel compilation, which caught me by surprise. I
> come from the Linux camp. (I do love all flavors of Unix). My
> understanding is that HPUX is a closed source operating system. Has HP
> opened its source code to open source (like Solaris)?
No.
> If not, then
> what type of kernel code is being compiled by the C compiler?
Very little. HPUX does not "re-compile" a kernel in the same sense
you're used to in Linux. It compiles conf.c (containing driver and
tunable parameter information) and links existing libraries to create a
new kernel. Similar to SCO and other proprietary System V variants.
Patches may contain new libraries which are then linked into a new
kernel during the patch-installation/build process.
See: http://docs.hp.com/en/1219/tuningwp.html
> The
> sysadmin mentioned that it is a stripped-down compiler.
He is correct.
See: http://www.faqs.org/faqs/hp/hpux-faq/
Subject: 6.2.1 Why is the default C compiler brain-dead?
Updated: 04/13/01
The C compiler shipped with HP-UX is intended only to rebuild the kernel
with, not for program development. To get a "real" C compiler, you have
two options:
o buy HP's ANSI C product
o use the GNU C Compiler (gcc), downloadable in binary form from the
Liverpool archive
>
> Thank you in advance for any information.
Out of curiosity, why do you believe that removing a C-compiler from a
UNIX system will make it more secure?
andrew@lod.com