Subject: Re: vixie-crontab vunerable?
To: Brett Lymn <firstname.lastname@example.org>
From: Chris G Demetriou <Chris_G_Demetriou@auchentoshan.pdl.cs.cmu.edu>
Date: 12/16/1996 21:34:58
> According to Grey Wolf:
> >Personally, FWIW, I don't see a lot to gain by linking them statically.
> >[them = rlogin[d], telnetd, rshd, etc.]
> It does cut out the possibility of clever dynamic library trojans
> being inserted into the system.
If you can replace the shared libraries, it's likely just as easy
(from a permissions standpoint) to replace the binaries themselves,
and a tool like mtree (with checksums) or tripwire that can catch
modification of one will also catch modification of the other...