[ On Saturday, January 29, 2005 at 14:56:55 (+0100), Joerg Sonnenberger wrote: ]
> Subject: Re: static vs. dynamic runtime linking, and silly 'ld -L' breakage
>
> On Fri, Jan 28, 2005 at 07:28:44PM -0500, Greg A. Woods wrote:
> > Defaulting the runtime search path to be a path made up of the '-L'
> > directories (along with the system default paths) even when those might
> > be relative directory references, is another valid approach, and one
> > that was used for a very long time (decades?) on some systems, including
> > early NetBSD (pre-ELF).  However some folks seem so terrified that
> > they'll allow a developer to create a binary that won't run, that they
> > absolutely detest this time-honoured and well proven technique.
> 
> It's not about a program that won't run, it's about SECURITY.

No, it's not about security -- that's also a fallacy.

If there were any true security worries then you could be certain that I
would be the very first to shout out about them.

> You link your program with
> 'cc -L/tmp/test suid-root-me.c -o /usr/bin/suid-root-me' and that
> looks innocent until the system cleans /tmp and the next unpaid admin
> logs into the system.

Any admin, paid or unpaid, who runs a program that was not not well
vetted to meet system security requirements deserves all the hell he or
she lets loose.

There is nothing but a false sense of security on systems that are not
run by following a well designed security policy, one that covers how
software is built and installed _and_ used.


> It's easy to construct less extreme situations,
> but it's just too easy for -L == -R systems to open a back-door.

No, not in any reasonably run system it is not.


-- 
						Greg A. Woods

H:+1 416 218-0098  W:+1 416 489-5852 x122  VE3TCP  RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>