Subject: Re: vixie-crontab vunerable?
To: Brett Lymn <blymn@awadi.com.au>
From: Chris G Demetriou <Chris_G_Demetriou@auchentoshan.pdl.cs.cmu.edu>
List: current-users
Date: 12/16/1996 21:34:58
> According to Grey Wolf:
> >
> >Personally, FWIW, I don't see a lot to gain by linking them statically.
> >
> >[them = rlogin[d], telnetd, rshd, etc.]
> >
> 
> It does cut out the possibility of clever dynamic library trojans
> being inserted into the system.

If you can replace the shared libraries, it's likely just as easy
(from a permissions standpoint) to replace the binaries themselves,
and a tool like mtree (with checksums) or tripwire that can catch
modification of one will also catch modification of the other...



chris