Re: GSS API (as a DLL)...
Ramin Firoozye writes:
[...]
>
>The BIG problem specific to security DLLs is that someone bent on breaking
>security can write a "wrapper" DLL around a security DLL, store all the
>stuff it gets from the caller, pass on the result onto the actual DLL and
>store away the replies as well before passing the reply back up to the
>caller. In other words, it becomes much easier to implement a "spoof the
>login" type scheme.
This is one of the reasons why most (if not all) applications that deal with
secure data (like /bin/login and /bin/su) should be statically linked.
Alec
--
Alec Peterson Panix Public Access UNIX and Internet
chuckie@panix.com New York City, NY
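
An added example, not part of the original message: one way to audit the point in the reply above on an ELF system is to check whether a binary names a run-time loader (a PT_INTERP program header), since only then are shared libraries resolved at start-up and open to substitution. The function names and the constructed sample headers are assumptions for illustration.

```python
import struct
import sys

PT_INTERP = 3  # program header type naming the run-time loader (ELF spec)

def runtime_loader(data: bytes):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = {1: "<", 2: ">"}.get(data[5])
    if data[4] not in (1, 2) or endian is None:
        raise ValueError("bad EI_CLASS or EI_DATA")
    try:
        if data[4] == 2:  # ELFCLASS64
            (phoff,) = struct.unpack_from(endian + "Q", data, 0x20)
            phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x36)
            word, off_at, size_at = "Q", 8, 32
        else:             # ELFCLASS32
            (phoff,) = struct.unpack_from(endian + "I", data, 0x1C)
            phentsize, phnum = struct.unpack_from(endian + "HH", data, 0x2A)
            word, off_at, size_at = "I", 4, 16
        for i in range(phnum):
            ph = phoff + i * phentsize
            (p_type,) = struct.unpack_from(endian + "I", data, ph)
            if p_type == PT_INTERP:
                (p_offset,) = struct.unpack_from(endian + word, data, ph + off_at)
                (p_filesz,) = struct.unpack_from(endian + word, data, ph + size_at)
                return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    except struct.error as exc:
        raise ValueError("truncated ELF headers") from exc
    return None  # no loader requested: the binary is statically linked

def make_elf64(interp=None):
    """Constructed sample input: minimal little-endian ELF64 header + phdrs."""
    phdrs = [(1, 0, 0)]                       # PT_LOAD
    if interp:
        phdrs.append((PT_INTERP, 64 + 2 * 56, len(interp)))
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, 0, off, 0, 0, size, size, 0)
                    for t, off, size in phdrs)
    return hdr + body + (interp or b"")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            loader = runtime_loader(f.read())
        print(f"{path}: {'static' if loader is None else 'dynamic via ' + loader}")
```

Run it with the paths of the privileged binaries to audit as arguments; a result of "dynamic via ..." means the binary depends on libraries located at run time.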