I tried yum install gcc-c++, however, the repos have an old version (4.1) which causes lots of problems and stops me from building a library. I would like to update it to latest. How can I do that?
I'm trying to use gcc-3.4 on the latest Ubuntu. The package is from debian snapshots.
It probably assumes different default directory structure, so for example I was forced to give it -I /usr/include/i386-linux-gnu/, which gcc-4 assumed implicitly.
Currently it compiles everything I gave it just fine, but it can't link. Even the simplest executable results the error:
$ gcc-3.4 ~/tmp.cc -o ~/tmp
/usr/bin/ld: cannot find -lgcc_s
collect2: ld returned 1 exit status
GCC has built in include directories for certain standard headers. I just need to know where this list is. My newly compiled gcc will not compile my little test C++ program because it cannot find standard headers. I think it fails because of some config options I used to make my file system more organized. I set the bindir and libdir, which I think might have screwed up the built-in include paths for some reason.
Program (dummy.c):
#include <iostream>
void main(){}
Command:
g++ dummy.c
Error:
dummy.c:1:20: fatal error: iostream: No such file or directory
I was wondering wether to remove compiler tools (gcc, make, ...) from a remote production server, mainly for security purposes.
Background:
The server runs a web application on Linux. Consider Apache jailed. Otherwise, only OpenSSHd faces the public network. Of course there is no compiler stuff within the jail, so this is about the actual OS outside of any jails.
Here's my personal PRO/CON list (regarding removal) so far:
PRO:
- I had been reading some suggestions to remove compiler tools in order inhibit custom building of trojans etc. from within the host if an attacker attains unpriviliged user permissions.
CON:
- I can't live without Perl/Python and a trojan/whatever could be written in a scripting language like that, anyway, so why bother about removing gcc et al. at all.
- There is a need to build new Linux kernels as well as some security tools from source directly on the server, because the server runs in 64-bits mode and (to my understanding) I can't (cross-)compile locally/elsewhere due to lack of another 64-bits hardware system.
OK, so here are my questions for you:
(a) Is my PRO/CON assessment correct?
(b) Do you know of other PROs / CONs to removing all compiler tools? Do they weigh in more?
(c) Which binaries should I consider dangerous if the given PRO statement holds? Only gcc, or also make, or what else? Should I remove the enitre software packages them come with?
(d) Is it OK to just move those binaries to a root-only accessible directory when they are not needed? Or is there a gain in security if I "scp them in" every time?
Thank you!
Is it possible to build gcc without a c compiler already on the machine? If so, how?