On Wed, 28 Aug 2002, Noriyuki Soda wrote:

> >>>>> On Tue, 27 Aug 2002 17:34:14 +0200 (CEST),
> 	Johnny Billquist <bqt@update.uu.se> said:
> 
> > While true, that goes both ways. It also becomes a potentially more
> > dangerour system. Sneak things into libc, and you have an even better
> > chance at perverting things.
> 
> > I don't want to get into a security discussion here, but I don't really
> > like the dynamic library things being praised as a security improver.
> 
> This objection doesn't make any sense.

If I put it this way then:
assuming you have a number of plastic cards, and a way of changing the PIN
code for all of them in one stroke. Would you consider it an improvement
of your security to have the same code on all cards?

> If an intruder can modify a file in root partion, he don't have to
> use libc as the target. Rather, he can use kernel image to modify.
> Then he can do everything he wants. (Even without dynamic /bin or
> /sbin, of course).

Yes. But assuming he can just manage by luck (or whatever) to sneak
something in, then libc is a really good candidate, even better now than
before.

	Johnny

Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt@update.uu.se           ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol