Subject: Re: Shared libraries and crypt
To: Michael L. VanLoon -- Iowa State University <>
From: Chris G. Demetriou <cgd@postgres.Berkeley.EDU>
List: current-users
Date: 03/17/1994 21:44:45
> The disadvantage is that if someone on your box can coax any security
> hole to write something over your shared libcrypt or to write
> something into that area of memory, everything on your box is suddenly
> compromised.  Crypt should not be shared.

As i'm sure has probably been said in mail that's not reached me yet:

if someone on your box has the privs to do that, then:
	(1) they've got root (in which case, you should pack up and
		go home, if they know anything about the system -- if
		not, they won't know about libcrypt anyway!)
	(2) they've found a VM bug.

if (2), and they could overwrite the definition of crypt
in a global manner, they could e.g. overwrite the definitions of
'read' and 'write', etc. to do whatever they wanted too.
i.e. "pack up and go home."

having a shared crypt library:
	(1) poses no significant additional security risks
		(i.e. it can only screw you slightly more...)
	(2) it makes life a fair amount easier for users and

If you're worried about a shared crpyt being your weakest
point, then, well, you obviously haven't e.g. looked at
those nice ethernet taps in other peoples' offices.