On Tue, Aug 27, 2002 at 05:34:14PM +0200, Johnny Billquist wrote:

 > While true, that goes both ways. It also becomes a potentially more
 > dangerour system. Sneak things into libc, and you have an even better
 > chance at perverting things.

What a totally absurd argument.  If someone puts a trojan in your libc,
you're hosed, period.  This is true whether or not /bin and /sbin
are static.

If you want to prevent (or at least make extremely difficult) this, then
set the "immutable" bit on the shlib, and run at a high kern.securelevel.

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>