Colin Watson <[EMAIL PROTECTED]> writes:
> On Sun, Apr 27, 2008 at 12:56:28PM +0200, Goswin von Brederlow wrote:
>> No idea how to prevent LD_PRELOAD and people could always use their
>> own linker to ignore the sgid bit anyway.
>
> If they want to deliberately start a program with reduced protection and
> then type their password into it, then that's their (foolish) choice.
> The point of this is so that processes started in good faith can't have
> their memory inspected so easily later on.
So it is their own fault if they set LD_PRELOAD to something that will
steal passwords. :)
MfG
Goswin
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
