On Fri, 10 Feb 2006, Tilo Stritzky wrote:

> Hi list,
>
> while doing some reading on secure software development
> (//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
> I came across the advice "always link your privileged binaries
> statically".
>
> However a quick check on my system revealed me almost all suid/sgid
> programs being dynamically linked (the two exceptions traceroute/traceroute6
> startle me even more).
>
> Since the advice makes sense to me (it keeps some rather
> complicated machinery out of delicate matters)
> I'm wondering why it is not followed on OpenBSD.
>
> Are there other ways to simply 'do this right'?
>
> I would appreciate any pointers for further reading on that matter.

Read man ld.so. The dynamic linker has special provisions to handle s/guid programs.

-Otto
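
The "quick check" from the quoted question, as an added example that is not part of either message: it lists set-uid/set-gid files and reports whether each ELF image requests a run-time linker through a PT_INTERP program header. The names `elf_linkage`, `audit` and `sample_elf`, and the default directories, are assumptions made for this illustration.

```python
import os, stat, struct, sys

PT_INTERP = 3  # program header that names the run-time linker (ld.so)

def elf_linkage(data):
    """Return 'dynamic', 'static', or None when data is not a usable ELF image."""
    if len(data) < 0x40 or data[:4] != b"\x7fELF":
        return None
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = little endian
    if data[4] == 2:                         # EI_CLASS: 2 = ELF64, else ELF32
        phoff, = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        phoff, = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            return None                      # truncated program header table
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return "dynamic"
    return "static"  # no PT_INTERP, so ld.so never runs (static PIE included)

def audit(roots):
    """List (path, linkage) for every regular set-uid/set-gid file under roots."""
    found = []
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    mode = os.lstat(path).st_mode
                    if not (stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID)):
                        continue
                    with open(path, "rb") as f:
                        found.append((path, elf_linkage(f.read()) or "not-elf"))
                except OSError:
                    continue                 # unreadable without privileges
    return found

def sample_elf(p_types):
    """Constructed input: minimal ELF64 little-endian header plus program headers."""
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0x40, 0, 0, 0x40, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    for path, kind in audit(sys.argv[1:] or ["/usr/bin", "/usr/sbin"]):
        print(f"{kind:8} {path}")
```

Set-uid files that cannot be read by the invoking user are skipped, so a complete inventory needs to be run with sufficient privileges.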