Subject: Re: patch to allow /etc/ld.so.conf configure directories for ELF
To: matthew green <mrg@eterna.com.au>
From: Chris G. Demetriou <cgd@netbsd.org>
List: tech-userlevel
Date: 03/11/1999 17:51:08

matthew green <mrg@eterna.com.au> writes:
> cgd wrote:
>    Please move your /usr/pkg directory to a different directory, add the
>    right paths in ld.so.conf, and give me write access to /usr/pkg.  i'll
>    show you why it's a bad idea to mix the two.  8-)
> 
> 
> show me a stupid admin and you can break into their system.
> the above does not give me any reason to agree with your
> viewpoint.

the point is, this provides an architectural feature whose only real
purpose is to cause the system to lose.

either you believe in the RPATH model, or you don't.

if you don't believe in the RPATH model (i.e. want to be able to move
your libraries), and RPATH is used (as it currently is by e.g. X11),
then you will probably have dangling links running around to be
exploited.


How many non-stupid admins know that various of their binaries which
otherwise don't use any config files or anything may have shared
library paths hard-coded in?


> i like and use rpaths wherever possible.  i try not to have
> an ld.so.conf wherever possible.

If there's a default that includes both i think i'd make it exactly
the opposite of this, actually.

use ld.so.conf by default, and _never_ have anything provided by the
NetBSD project (i.e. the 'system', be it part of src, xsrc, pkgsrc,
whatever) use RPATHs.

provide the user the ability to use RPATHs for their or third-party
programs (i.e. _not_ the system), so if they use them it's entirely of
their own volition and with their understanding of what's going on.

i.e. "you can safely move anything you get from us, without opening a
potential hole on your system, but if you use RPATH functionality,
you'd better know what you're doing."

that's the only solution i've heard so far that's both safe in the
default case and leaves rope for people to hang themselves.



cgd
-- 
Chris Demetriou - cgd@netbsd.org - http://www.netbsd.org/People/Pages/cgd.html
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.
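
Added example, not part of the original message: one way an admin could check the hard-coded library paths the message asks about. It reads the RPATH/RUNPATH lines of `readelf -d` output and flags search directories that no longer exist, are not absolute, or are owned or writable by someone untrusted. The function names, finding labels and sample output are constructed for illustration.

```python
import os
import re
import stat

# RPATH/RUNPATH lines as printed by `readelf -d <binary>` (GNU binutils).
ENTRY_RE = re.compile(r"\((?:RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")

# Constructed sample output, not taken from a real binary.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.1]
 0x000000000000000f (RPATH)              Library rpath: [/usr/pkg/lib:/opt/example/lib]
"""

def rpath_dirs(readelf_output):
    """Return every directory named in a DT_RPATH or DT_RUNPATH entry."""
    dirs = []
    for match in ENTRY_RE.finditer(readelf_output):
        dirs.extend(match.group(1).split(":"))
    return dirs

def audit_dir(path, trusted_uids=(0,)):
    """Return the findings for one search directory (empty list means none)."""
    if not path.startswith("/"):
        return ["not-absolute"]      # resolved relative to cwd or the binary
    try:
        st = os.stat(path)
    except (FileNotFoundError, NotADirectoryError):
        return ["dangling"]          # nothing guarantees what appears here later
    findings = []
    if st.st_uid not in trusted_uids:
        findings.append("untrusted-owner")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable-by-others")
    return findings

def audit(readelf_output, trusted_uids=(0,)):
    """Map each flagged search directory to its findings."""
    report = {}
    for directory in rpath_dirs(readelf_output):
        findings = audit_dir(directory, trusted_uids)
        if findings:
            report[directory] = findings
    return report

if __name__ == "__main__":
    for directory, findings in audit(SAMPLE).items():
        print(directory, ", ".join(findings))
```

Feed it the output of `readelf -d` for each installed binary; a "dangling" result is the case the message describes, where libraries were moved but the binary still searches the old location.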