Bugtraq mailing list archives

a point is being missed

From: hobbit () avian org (*Hobbit*)
Date: Fri, 3 Nov 1995 09:57:46 -0500


Why in all this telnetd flap has nobody mentioned that /bin/login should
be relinked STATICALLY?  That at least defers the LD_* class of problem
until after login has done the setuid and exec, but still leaves things
like IFS passed to scripts.

Still, my own rule of thumb is that any binary that talks to the net,
handles inbound connections, handles authentication, etc ... should not be
depending on shared libs.  It's well worth the miniscule disk space hit.
Vendors, LISSEN UP.

_H*

Current thread:

Re: SunOS syslog() fix, finally..., (continued)
- - - Re: SunOS syslog() fix, finally... Casper Dik (Nov 17)
    - SGI Security Advisory 19951101 - telnetd SGI Security Coordinator (Nov 17)
    - SGI Security Advisory 19951101 - telnetd : UPDATE SGI Security Coordinator (Nov 17)
    - Re: SunOS syslog() fix, finally... Pug (Nov 10)
    - Turning dynamic into static? Lawrence R. Rogers (Nov 09)
- Re: Telnet attack on SGI Adam Shostack (Nov 02)
- Does the shared lib bug work on any suid program ? Bernd Lehle (Nov 03)
  - Re: Does the shared lib bug work on any suid program ? Fred Blonder (Nov 03)
  - Re: Does the shared lib bug work on any suid program ? John Capo (Nov 03)
  - Re: Does the shared lib bug work on any suid program ? Justin Mason (Nov 06)
- a point is being missed *Hobbit* (Nov 03)
  - Re: a point is being missed Scott Barman (Nov 03)
  - Re: a point is being missed John Stewart (Nov 03)
  - Re: a point is being missed Douglas Siebert (Nov 03)
    - Re: a point is being missed Richard Todd (Nov 04)
  - Re: a point is being missed Casper Dik (Nov 04)
- Re: Telnet attack on SGI Edwin Kremer (Nov 09)
  - Re: Telnet attack on SGI Edwin Kremer (Nov 10)
- Re: Telnet attack on SGI Sam Hartman (Nov 01)
  - Re: Telnet attack on SGI Casper Dik (Nov 06)
- Re: Telnet attack on SGI Adrian (Nov 03)

(Thread continues...)