Subject: Re: BSD Authentication
To: NetBSD-current Discussion List <current-users@NetBSD.org>
From: Dan Melomedman <dan@devonit.com>
List: current-users
Date: 09/25/2003 12:55:23

John Nemeth wrote:
>      Given all these problems, an application really can't trust
> anything about the environment in which it is run, therefore it really
> doesn't matter what is linked against it.

Of course it does.

Just because applications cannot have complete trust of their
environment doesn't mean we should throw our hands up and give up to bad
design or link against badly designed libraries. Or worse, let
security-critical applications modify their state with loadable modules,
and think it's all right to do it. Or just give up and not even consider
security.

Attitudes like these lead to security disasters such as the last OpenSSH
one. I don't know about you, but I am tired of constant upgrading of
OpenSSH on multiple machines.

Some software written with security as its primary goal may be broken
into through holes in its environment, but you can't blame those holes
on the application's design in question. Unfortunately OpenSSH isn't one
of them.