Re: chrooting daemons

To: dark@xs4all.nl (Richard Braakman)
Cc: bruce@pixar.com, debian-policy@lists.debian.org, tom@ml.tele.fi
Subject: Re: chrooting daemons
From: joost@rulcmc.leidenuniv.nl (joost witteveen)
Date: Thu, 16 Oct 1997 13:59:01 +0200 (CEST)
Message-id: <m0xLoZx-000CL6C@rulcmc.leidenuniv.nl>
In-reply-to: <m0xLmej-001NLVC@night> from Richard Braakman at "Oct 16, 97 11:55:48 am"

> It might be even easier to link the daemon statically.  It's not going to
> be able to share its libraries with any other program anyway.

Linking them statically may open other security holes: there are
bugs found in the libraries. Fixing the libc bugs will then also
require the system admin to re-link all those statically linked daemons,
and I'm sure some will be overlooked quite easily.

> Of course, that means that sites that want that kind of security will have
> to compile the daemons themselves.  

And re-compile.


-- 
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/

Reply to:

References:
- Re: chrooting daemons
  - From: dark@xs4all.nl (Richard Braakman)

Prev by Date: Re: chrooting daemons
Next by Date: Re: Mailing list crossposting
Previous by thread: Re: chrooting daemons
Next by thread: Re: chrooting daemons
Index(es):
- Date
- Thread