Rehan
03-24-2001, 01:20 AM
Am I asking for trouble if I allow users to compile C programs on a shared server? I've seen some web hosts list gcc in their features, but others have disabled it on their servers.
Is it any more dangerous than other languages or tools accessible from the Unix shell?
allan
03-24-2001, 01:56 AM
Not really. As long as the users don't have root access they won't be able to cause any more damage than they could with a wayward Perl script :). By default, most, if not all, Unix variants will not allow any user who is not part of the root group to install anything in directories owned by root.
cperciva
03-24-2001, 02:25 AM
No, gcc is not dangerous. And disabling it wouldn't do much good anyway -- people could simply compile their code on a different machine and upload the executable.
If you're going to disable anything, disable perl. It is a security risk simply because it allows people to write cgi scripts who would be scared off by a (gasp!) compiler.
priyadi
04-08-2001, 12:47 AM
I don't think so, gcc is not dangerous by itself. Except if your users are using it to compile their rootkits and exploits or anything against your AUP :). In this case you should warn them instead of disabling gcc.
Matt Lightner
04-08-2001, 03:18 AM
Originally posted by priyadi
I don't think so, gcc is not dangerous by itself. Except if your users are using it to compile their rootkits and exploits or anything against your AUP :). In this case you should warn them instead of disabling gcc.
We give access to the compiler on a per-account basis. The customer needs to explicitly request access to the compiler, and then we will add their username into the compiler group.
Warning them about compiling rootkits and exploits is a futile exercise. It's like saying "you don't need to lock your doors, just warn the robbers ahead of time that it's against the law to break in". You can bet your last dollar that they know it's against the rules to try cracking your (or any) server. :D
Best Regards,
Matt Lightner
mlightner@site5.com
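A check for the per-account compiler group described in the post above, as an added example that is not part of the thread or any host's actual setup. The group name `compiler` and the binary paths in the comments are assumptions; the functions only read permissions and report.

```shell
#!/bin/sh
# Added example: verify that compiler binaries are usable only by members
# of one group. Assumed names: group "compiler", paths such as /usr/bin/gcc.

# check_restricted PATH GROUP
# Prints one finding line. Returns 0 if PATH is group-owned by GROUP and
# has no permission bits for "other", 1 if it is too open, 2 if missing.
check_restricted() {
    path=$1
    want_group=$2
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    # -L follows symlinks, since gcc is often a link to a versioned binary.
    info=$(ls -ldL "$path" | awk '{print $1, $4}')
    mode=${info% *}
    group=${info#* }
    # Characters 8-10 of the mode string are the r/w/x bits for "other".
    other=$(printf '%s' "$mode" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "OPEN $path mode=$mode other=$other"
        return 1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "WRONGGROUP $path group=$group want=$want_group"
        return 1
    fi
    echo "OK $path mode=$mode group=$group"
}

# audit_compilers GROUP PATH...
# Returns the number of existing binaries that are not restricted to GROUP.
# Binaries that are not installed are reported but not counted.
audit_compilers() {
    audit_group=$1
    shift
    bad=0
    for p in "$@"; do
        rc=0
        check_restricted "$p" "$audit_group" || rc=$?
        if [ "$rc" -eq 1 ]; then bad=$((bad + 1)); fi
    done
    return "$bad"
}

# Usage (assumed paths):  audit_compilers compiler /usr/bin/gcc /usr/bin/cc
# Fix for a finding, as root:  chgrp compiler PATH && chmod 750 PATH
```

As an earlier reply in the thread notes, this restricts only the local compiler and does nothing about executables built elsewhere and uploaded.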
cperciva
04-08-2001, 03:27 AM
Originally posted by priyadi
I don't think so, gcc is not dangerous by itself. Except if your users are using it to compile their rootkits and exploits or anything against your AUP :). In this case you should warn them instead of disabling gcc.
You know, if your users get to the point of wanting to compile a rootkit, they'll probably already have access to gcc regardless of what you set the permissions to. ;)