[rescue] SGI fw_sshd and security
Dave McGuire
mcguire at neurotica.com
Sun Mar 7 12:38:36 CST 2004
On Mar 7, 2004, at 4:20 AM, Jonathan C. Patschke wrote:
>> We had a discussion at $WORK some days ago about whether to link zlib
>> dynamically or statically. We decided to load it dynamically because of
>> _security reasons_ - when a security bug was found in zlib, it was a
>> pain in the ass to recompile every binary that linked zlib statically
>> and on some machines some binaries were probably still left
>> vulnerable.
>
> Look at it from the other way. What if someone finds a way to overwrite
> libwrap.so with a trojaned one by use of a local exploit? Keep in mind
> that most code that uses libwrap.so tends to also have root privileges
> and be associated with a network connection.
I hate to point this out, but generally speaking, someone needs to
already own the box to overwrite libwrap.so.
-Dave
--
Dave McGuire "My tummy hurts now, but my soul
Cape Coral, FL feels a little better." -Ed
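
Added example (not part of the original message, and not code from anyone in the thread): a Python check of the condition the reply above turns on, namely whether any account other than root could replace a shared library such as libwrap.so, judged from the ownership and mode bits of the file and each ancestor directory. The function name, its parameters and the trusted-id defaults are assumptions made for this illustration.

```python
import os
import stat


def replaceable_by_untrusted(path, trusted_uids=(0,), trusted_gids=(0,), stop="/"):
    """Return (component, reason) pairs for every place where an account
    outside the trusted ids could replace the file at `path`.

    The file and each directory from it up to `stop` are checked, because
    write access to any ancestor directory is enough to rename a different
    file into place.
    """
    current = os.path.realpath(path)   # libwrap.so is usually a symlink
    stop = os.path.realpath(stop)
    findings = []
    while True:
        st = os.stat(current)
        mode = st.st_mode
        # A sticky directory (like /tmp) keeps non-owners from renaming or
        # deleting entries they do not own, so its write bits are not flagged.
        sticky_dir = stat.S_ISDIR(mode) and bool(mode & stat.S_ISVTX)
        if st.st_uid not in trusted_uids:
            findings.append((current, "owned by uid %d" % st.st_uid))
        if not sticky_dir:
            if mode & stat.S_IWOTH:
                findings.append((current, "world-writable"))
            if mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
                findings.append((current, "writable by gid %d" % st.st_gid))
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            break
        current = parent
    return findings


if __name__ == "__main__":
    import sys
    # Usage: pass the library paths to audit as arguments.
    for lib in sys.argv[1:]:
        for component, reason in replaceable_by_untrusted(lib):
            print("%s: %s (%s)" % (lib, component, reason))
```

An empty result means only the trusted ids can swap the library; any finding marks a path by which a lower-privileged account could do it.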