On Fri, 10 Feb 2006, Tilo Stritzky wrote:
> Hi list,
>
> while doing some reading on secure software development
> (//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
> I came across the advice "always link your priviliged binaries
> statically".
>
> However a quick check on my system revealed me almost all suid/sgid
> programs being dynamically linked (the two exceptions traceroute/traceroute6
> startle me even more).
>
> Since the advice makes sense to me (it keeps some rather
> complicated machinery out of delicate matters)
> I'm wondering why it is not followed on OpenBSD.
>
> Are there other ways to simply 'do this right'?
>
> I would apreciate any pointers for further reading on that matter.
Read man ld.so. The dynamic linker has special provisions to handle
s/guid programs.
-Otto
