Subject: Re: Shared libraries and crypt
To: None <,>
From: David Burren <>
List: current-users
Date: 03/19/1994 09:19:42
Ok, as the originator of this thread ("What do you mean, it's _my_ fault?" :-)
here's my summary of what I've seen go by so far:

Pros for having crypt in a shared library:

	- Programs such as xdm that use the crypt library can be shipped
	  in and out of the US without worrying about export restrictions.

	- It's convenient.

Cons against it:

	- It opens another security hole in that someone might make you
	  execute a different, wired, crypt when you don't realise.

However, it has been pointed out that if someone can switch shared libraries
on you, _everything_ is broken.
To quote Mark P. Gooderum <>:

> It's caveat emptor, it's up to the site to make sure that only root can
> diddle with shared libraries.  If someone has gained root access, then
> you're in sheep dip anyways.  Since always references the absolute
> path first when looking for a shared library, even diddling with
> LD_LIBRARY_PATH doesn't help.  Granted a chroot() can fake it out, but you
> need to be root to do that too...

So, my vote at the moment is that to have crypt shared is a Good Thing.  Thank
you all for your comments.

- David B. (it's working now :)