Subject: Re: HEADS UP: migration to fully dynamic linked "base" system
To: Johnny Billquist <email@example.com>
From: Jason R Thorpe <firstname.lastname@example.org>
Date: 08/27/2002 08:43:25
On Tue, Aug 27, 2002 at 05:34:14PM +0200, Johnny Billquist wrote:
> While true, that goes both ways. It also becomes a potentially more
> dangerour system. Sneak things into libc, and you have an even better
> chance at perverting things.
What a totally absurd argument. If someone puts a trojan in your libc,
you're hosed, period. This is true whether or not /bin and /sbin
If you want to prevent (or at least make extremely difficult) this, then
set the "immutable" bit on the shlib, and run at a high kern.securelevel.
-- Jason R. Thorpe <email@example.com>