David Burren writes :
> 
> Ok, as the originator of this thread ("What do you mean, it's _my_ fault?" :-)
> here's my summary of what I've seen go by so far:

I agree with the points you made:
In order to compromise libcrypt, it is first necessary to compromise
root or bin, and once either of these is compromised I can think
of far easier ways to nail a system.

Arguing that a shared libcrypt is dangerous is almost as good as
arguing that the presence of /bin/sh is a security risk: if someone
can replace /bin/sh with something of their choice, they can
do whatever they like!

If you are writing any set[ug]id software, make sure you stomp the
LD_LIBRARY_PATH, and make sure you don't rely on the path, those are
some of the real things to look out for.

Geoff.
-- 
 Geoff Rehmet, Computer Science Department,   | ____   _ o         /\
 Rhodes University,  South Africa             |___  _-\_<,        /\/\/\
   email : csgr@cs.ru.ac.za                   |    (*)/'(*)    /\/\/\/\/\
         : geoff@neptune.ru.ac.za             |

------------------------------------------------------------------------------