[rescue] SGI fw_sshd and security

Patrick Finnegan pat at computer-refuge.org
Sun Mar 7 09:42:22 CST 2004


On Sunday 07 March 2004 04:20, Jonathan C. Patschke wrote:
> On Sat, 6 Mar 2004, Meelis Roos wrote:
> > We had a discussion at $WORK some days ago about whether to link
> > zlib dynamically or statically. We decided to load it dynamically
> > because of _security reasons_ - when a security bug was found in
> > zlib, it was a pain in the ass to recompile every binary that
> > linked zlib statically and on some machines some binaries were
> > probably still left vulnerable.
> Look at it from the other way.  What if someone finds a way to
> overwrite libwrap.so with a trojaned one by use of a local exploit? 
> Keep in mind that most code that uses libwrap.so tends to also have
> root privileges and be associated with a network connection.
>
> Security-conscious code like that should be statically-linked. 
> Period. Updating software is a PITA, sure, but a list of everything
> that uses libwrap.a is pretty easy to maintain.

Well, libwrap.(so|a) probably shouldn't be writable, except for by root.  
So if you're overwriting it, you've already got some sort of root on 
the box; game over.  Now, if it's chmod'd 777 or something, then the 
people that set its mode are retarded, and should be shot. : )

I tend to agree more with Meelis here.  I'd have an easily maintainable 
system where I can fix a bug (especially security related) by replacing 
one library rather than recompiling everything that uses it.

Pat
-- 
Purdue University ITAP/RCS        ---  http://www.itap.purdue.edu/rcs/
The Computer Refuge               ---  http://computer-refuge.org
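
An added example, not part of the original message: one way to check the point above that libwrap.(so|a) should be writable only by root. The function name `audit_library` and its parameters are hypothetical; it inspects the library, every parent directory, and the directory holding the symlink name, since a writable directory allows the file to be replaced even when the file's own mode is correct.

```python
import os
import stat


def audit_library(path, trusted_uids=(0,), stop_at="/"):
    """Return (path, problem) pairs for the library and its parent directories.

    An empty list means only the trusted owners can modify or replace the file.
    """
    stop_at = os.path.realpath(stop_at)
    # Check the real file and also the directory holding the name itself:
    # libwrap.so is often a symlink, and a writable link directory lets the
    # name be repointed even when the target file is locked down.
    starts = [
        os.path.realpath(path),
        os.path.realpath(os.path.dirname(os.path.abspath(path))),
    ]
    findings, seen = [], set()
    for current in starts:
        while current not in seen:
            seen.add(current)
            st = os.stat(current)
            if st.st_uid not in trusted_uids:
                findings.append((current, "owned by uid %d" % st.st_uid))
            if st.st_mode & stat.S_IWGRP:
                findings.append((current, "group-writable"))
            # Conservative: sticky-bit directories such as /tmp are flagged too.
            if st.st_mode & stat.S_IWOTH:
                findings.append((current, "world-writable"))
            parent = os.path.dirname(current)
            if current == stop_at or current == parent:
                break
            current = parent
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit.py /path/to/libwrap.so [more libraries...]
    for lib in sys.argv[1:]:
        for where, problem in audit_library(lib):
            print("%s: %s" % (where, problem))
```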


