Bugtraq mailing list archives
Re: a point is being missed
From: dilger () cs ucdavis edu (Michael B. Dilger)
Date: Thu, 9 Nov 1995 09:46:21 PST
Scott Barman <scott () Disclosure COM> writes:
Besides, I don't share you opinion that linking login statically contributes to the security of Solaris 2.x.It limits the attackable objects to one item, which can be secured far better than the program plus EIGHT libraries currently being used by the Solaris 2.4 login program. What's easier to tie down, nine items or one?
You're counting backwards. Would you rather have 10 seperately programmed seperately compiled authentication modules (one for login, one for ftp, etc), or just one in a _shared_ library?
In Solaris 2.6, what would you rather have: a statically linked login or a totally dynamically configurable login?Sun, or anyone else, can make login configurable with a statically linked program. Having something configurable is NOT does not mean having to be dynamically linked! Besides, what kind of configuration options do you need? There are parameters in /etc/default/login that pretty much covers everything (with some exceptions I think would be worth looking into). Do you need a dynamic library to process that file? I don't think so!
So you're basically saying you're happy with what we've got. Look to the future: What about things like S/Key login modules? What about something stronger than that? =M= Michael Dilger dilger () toadflax cs ucdavis edu
Current thread:
- Re: a point is being missed, (continued)
- Re: a point is being missed Scott Barman (Nov 06)
- Re: a point is being missed Doug Hughes (Nov 04)
- Re: a point is being missed der Mouse (Nov 04)
- Re: a point is being missed Casper Dik (Nov 06)
- Re: a point is being missed Mike Neuman (Nov 08)
- Re: a point is being missed Scott Barman (Nov 08)
- Re: a point is being missed Bruce Montrose (Nov 09)
- Re: a point is being missed System Administrator (Nov 10)
- Re: a point is being missed Dan Stromberg - OAC-DCS (Nov 09)
- Re: a point is being missed Mark D Riggins (Nov 10)
- Re: a point is being missed Casper Dik (Nov 06)
- Re: a point is being missed Dr. Frederick B. Cohen (Nov 21)