Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: a point is being missed

From: scott () Disclosure COM (Scott Barman)
Date: Fri, 3 Nov 1995 17:40:47 -0500

On Fri, 3 Nov 1995, *Hobbit* wrote:


Why in all this telnetd flap has nobody mentioned that /bin/login should
be relinked STATICALLY?  That at least defers the LD_* class of problem
until after login has done the setuid and exec, but still leaves things
like IFS passed to scripts.

Still, my own rule of thumb is that any binary that talks to the net,
handles inbound connections, handles authentication, etc ... should not be
depending on shared libs.  It's well worth the miniscule disk space hit.
Vendors, LISSEN UP.


I agree 100%.  However, have you ever tried to do that under Solaris 2.4?

I once convinced a client to build a firewall with SunOS 4.1.4 rather
than Solaris 2 because we couldn't statically link with many of the
libraries (e.g., there is no static -lresolv and in -lnsl one of the
gethost* or get-something functions is not compiled correctly in the
static version of the library).  I also haven't seen a patch from Sun
that would fix this, either.

With 2.5 a few days away, and since I am not a beta tester, I was
wondering if someone knew if this was fix?

TIA

scott barman
--
scott barman                  DISCLAIMER: I speak to anyone who will listen,
scott () disclosure com                      and I speak only for myself.
barman () ix netcom com
  "I don't know if security explains why the Win95 support Web servers run BSDI
   2.0--an Intel-based Unix--rather than Windows NT, which Microsoft insists is
   the ideal Web software solution.  Does Redmond know something we don't know?"
             -Robert X. Cringely, INFORWORLD, 9/11/95
Previous By Date Next
Previous By Thread Next

Current thread: