Subject: Re: static vs. dynamic runtime linking, and silly 'ld -L' breakage
To: Joerg Sonnenberger <joerg@britannica.bec.de>
From: Greg A. Woods <woods@weird.com>
List: tech-userlevel
Date: 01/29/2005 16:22:43
[ On Saturday, January 29, 2005 at 14:56:55 (+0100), Joerg Sonnenberger wrote: ]
> Subject: Re: static vs. dynamic runtime linking, and silly 'ld -L' breakage
>
> On Fri, Jan 28, 2005 at 07:28:44PM -0500, Greg A. Woods wrote:
> > Defaulting the runtime search path to be a path made up of the '-L'
> > directories (along with the system default paths) even when those might
> > be relative directory references, is another valid approach, and one
> > that was used for a very long time (decades?) on some systems, including
> > early NetBSD (pre-ELF). However some folks seem so terrified that
> > they'll allow a developer to create a binary that won't run, that they
> > absolutely detest this time-honoured and well proven technique.
>
> It's not about a program that won't run, it's about SECURITY.
No, it's not about security -- that's also a fallacy.
If there were any true security worries then you could be certain that I
would be the very first to shout out about them.
> You link your program with
> 'cc -L/tmp/test suid-root-me.c -o /usr/bin/suid-root-me' and that
> looks innocent until the system cleans /tmp and the next unpaid admin
> logs into the system.
Any admin, paid or unpaid, who runs a program that was not not well
vetted to meet system security requirements deserves all the hell he or
she lets loose.
There is nothing but a false sense of security on systems that are not
run by following a well designed security policy, one that covers how
software is built and installed _and_ used.
> It's easy to construct less extreme situations,
> but it's just too easy for -L == -R systems to open a back-door.
No, not in any reasonably run system it is not.
--
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com> Secrets of the Weird <woods@weird.com>