
Re: GSS API (as a DLL)...



Ramin Firoozye writes:
[...]
>
>The BIG problem specific to security DLL's is that someone bent on breaking 
>security can write a "wrapper" DLL around a security DLL, store all the 
>stuff it gets from the caller, pass on the result onto the actual DLL and 
>store away the replies as well before passing the reply back up to the 
>caller. In other words, it becomes much easier to implement a "spoof the 
>login" type scheme. 

This is one of the reasons why most (if not all) applications that deal with
secure data (like /bin/login and /bin/su) should be statically linked.

Alec

-- 
Alec Peterson                           Panix Public Access UNIX and Internet
chuckie@panix.com                       New York City, NY
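
Added example, not part of the message above: one way to audit whether a UNIX binary such as /bin/login is dynamically linked is to look for a PT_INTERP program header, which names the run-time loader that resolves shared libraries at start-up. It assumes ELF binaries; the function names `interpreter` and `sample_elf64` are hypothetical, and the sample image is constructed for the demonstration.

```python
import struct

PT_INTERP = 3  # program header that names the run-time loader (e.g. ld.so)

def interpreter(data):
    """Return the PT_INTERP path of an ELF image, or None if it has none.

    No PT_INTERP in an executable means no run-time loader is started,
    so no shared library is resolved when the program is launched."""
    if data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not a recognised ELF image")
    is64 = data[4] == 2                     # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = little, 2 = big endian
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        phoff, = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, base)
        if p_type != PT_INTERP:
            continue
        if is64:                            # p_offset and p_filesz positions differ
            off, = struct.unpack_from(end + "Q", data, base + 0x08)
            size, = struct.unpack_from(end + "Q", data, base + 0x20)
        else:
            off, = struct.unpack_from(end + "I", data, base + 0x04)
            size, = struct.unpack_from(end + "I", data, base + 0x10)
        return data[off:off + size].rstrip(b"\0").decode()
    return None

def sample_elf64(interp=None):
    """Constructed minimal ELF64 little-endian image (headers only, demo input)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    phnum = 1 if interp else 0
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    if not interp:
        return ehdr
    path = interp.encode() + b"\0"
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 64 + 56, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:               # e.g. /bin/login /bin/su
        with open(name, "rb") as f:
            loader = interpreter(f.read())
        print(name, "dynamically linked via " + loader if loader else "no run-time loader")
```

The check keys on PT_INTERP rather than PT_DYNAMIC because a static position-independent executable carries a dynamic segment for self-relocation but still loads no external libraries.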

