Re: a point is being missed
Scott Barman (scott@Disclosure.COM)
Fri, 3 Nov 1995 17:40:47 -0500
On Fri, 3 Nov 1995, *Hobbit* wrote:
> Why in all this telnetd flap has nobody mentioned that /bin/login should
> be relinked STATICALLY? That at least defers the LD_* class of problem
> until after login has done the setuid and exec, but still leaves things
> like IFS passed to scripts.
>
> Still, my own rule of thumb is that any binary that talks to the net,
> handles inbound connections, handles authentication, etc ... should not be
> depending on shared libs. It's well worth the miniscule disk space hit.
> Vendors, LISSEN UP.
I agree 100%. However, have you ever tried to do that under Solaris 2.4?
I once convinced a client to build a firewall with SunOS 4.1.4 rather
than Solaris 2 because we couldn't statically link with many of the
libraries (e.g., there is no static -lresolv and in -lnsl one of the
gethost* or get-something functions is not compiled correctly in the
static version of the library). I also haven't seen a patch from Sun
that would fix this, either.
With 2.5 a few days away, and since I am not a beta tester, I was
wondering if someone knew if this was fix?
TIA
scott barman
--
scott barman DISCLAIMER: I speak to anyone who will listen,
scott@disclosure.com and I speak only for myself.
barman@ix.netcom.com
"I don't know if security explains why the Win95 support Web servers run BSDI
2.0--an Intel-based Unix--rather than Windows NT, which Microsoft insists is
the ideal Web software solution. Does Redmond know something we don't know?"
-Robert X. Cringely, INFORWORLD, 9/11/95