Bugtraq mailing list archives
Re: a point is being missed
From: mcn () EnGarde com (Mike Neuman)
Date: Wed, 8 Nov 1995 10:35:35 -0600
Casper Dik <casper () holland sun com> wrote:
I have not yet seen any good arguments against dynamic linking. Environment variables and other environmentel tricks have always been possible in Unix.
I don't quite understand this argument. "Sure login is a gaping security hole, but we're not going to fix it because OTHER programs are gaping security holes too!" If you haven't seen a good argument against dynamic linking, read the telnet vulnerability again. The way Sun chose to fix it is a big hack (the PASSENV_ thing, as well as ignored LD_*, IFS, and no-doubt undocumented others) Hacks are *NOT* the way to write good secure code! Unfortunately, I think we're stuck with this dynamic linking propoganda from Sun. There are lots of nice side effects of dynamic linking (consistant ABIs, easy upgradability, etc). In fact, supposedly this is the reason Sun made the switch to System V from the far superior BSD-based SunOS. (Hey, if Sun can force their propoganda down our throats, I can at least give my opinion) :-) If you'd like the full doctrine of Sun regardling dynamic linking, see _Expert_C_Programming_, Peter Van der Linden, SunSoft Press, ISBN 0-13-177429-8 pp 114-121. -Mike mcn () EnGarde com http://www.engarde.com/~mcn
Current thread:
- Re: a point is being missed Sam Hartman (Nov 03)
- Re: a point is being missed Perry E. Metzger (Nov 05)
- <Possible follow-ups>
- Re: a point is being missed Doug Hughes (Nov 04)
- Re: a point is being missed Scott Barman (Nov 06)
- Re: a point is being missed Doug Hughes (Nov 04)
- Re: a point is being missed der Mouse (Nov 04)
- Re: a point is being missed Casper Dik (Nov 06)
- Re: a point is being missed Mike Neuman (Nov 08)
- Re: a point is being missed Scott Barman (Nov 08)
- Re: a point is being missed Bruce Montrose (Nov 09)
- Re: a point is being missed System Administrator (Nov 10)
- Re: a point is being missed Dan Stromberg - OAC-DCS (Nov 09)
- Re: a point is being missed Mark D Riggins (Nov 10)
- Re: a point is being missed Casper Dik (Nov 06)
- Re: a point is being missed Dr. Frederick B. Cohen (Nov 21)