[rescue] SGI fw_sshd and security

Dave McGuire mcguire at neurotica.com
Sun Mar 7 12:38:36 CST 2004

On Mar 7, 2004, at 4:20 AM, Jonathan C. Patschke wrote:
>> We had a discussion at $WORK some days ago about whether to link zlib
>> dynamically or statically. We decided to load it dynamically because 
>> of
>> _security reasons_ - when a security bug was found in zlib, it was a
>> pain in the ass to recompile every binary that linked zlib statically
>> and on some machines some binaries were probably still left 
>> vulnerable.
> Look at it from the other way.  What if someone finds a way to 
> overwrite
> libwrap.so with a trojaned one by use of a local exploit?  Keep in mind
> that most code that uses libwrap.so tends to also have root privileges
> and be associated with a network connection.

   I hate to point this out, but generally speaking, someone needs to 
already own the box to overwrite libwrap.so.


Dave McGuire                      "My tummy hurts now, but my soul
Cape Coral, FL                   feels a little better."     -Ed

More information about the rescue mailing list