Re: dynamically linked suid binaries - Request for enlightenment

2006-02-24 Thread Theo de Raadt
> while doing some reading on secure software development
> (//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
> I came across the advice to always link your privileged binaries
> statically.
>
> However a quick check on my system revealed to me that almost all suid/sgid
> programs are dynamically linked (the two exceptions, traceroute/traceroute6,
> startle me even more).
>
> Since the advice makes sense to me (it keeps some rather
> complicated machinery out of delicate matters)
> I'm wondering why it is not followed on OpenBSD.

Early in the days of shared libraries, a lot of vendors had bugs in
their ld.so code, and the most risky ones were for setuid programs
of course.  Very small bugs, which got fixed in time.

This resulted in the meme amongst people to link setuid programs
statically.

We all know that driving cars fast causes more accidents.  Right?
That is a meme of the same quality.

The problem is that once bugs are fixed, and no one makes them anymore,
the stupid people keep parroting the same concepts.

That is hardly surprising.

(BTW, about 10 years ago, FreeBSD had a bug in their crt0 that made
every single setuid and setgid program vulnerable.  Did a meme arise
to not link against the C run time startup code?  Nope.  Of course
not.)



dynamically linked suid binaries - Request for enlightenment

2006-02-10 Thread Tilo Stritzky
Hi list,

while doing some reading on secure software development 
(//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
I came across the advice to always link your privileged binaries
statically.

However a quick check on my system revealed to me that almost all suid/sgid
programs are dynamically linked (the two exceptions, traceroute/traceroute6,
startle me even more).

Since the advice makes sense to me (it keeps some rather
complicated machinery out of delicate matters)
I'm wondering why it is not followed on OpenBSD.

Are there other ways to simply 'do this right'?

I would appreciate any pointers for further reading on that matter.

No trolling intended, I'm just curious.

kind regards
tilo
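
One way to run the "quick check" described in the post above, as an added example that is not part of the thread: it walks a directory tree, finds set-uid/set-gid regular files, and classifies each as static or dynamic by looking for a PT_INTERP program header. The function names, the `/usr` default and the constructed `fake_elf64` sample are assumptions made for illustration.

```python
import os, stat, struct, sys

PT_INTERP = 3  # program header that names the run-time linker (ld.so)

def linkage(data: bytes) -> str:
    """Classify an ELF image as 'dynamic', 'static' or 'not-elf'."""
    if len(data) < 0x40 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "not-elf"
    end = "<" if data[5] == 1 else ">"           # EI_DATA: byte order
    if data[4] == 2:                             # EI_CLASS: ELF64
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:                                        # ELF32
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            break                                # truncated program header table
        # p_type is the first field in both layouts. A static PIE has
        # PT_DYNAMIC but no PT_INTERP, so only PT_INTERP means ld.so runs.
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return "dynamic"
    return "static"

def audit(root: str):
    """Yield (path, privilege bits, linkage) for set-id regular files under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
                if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                with open(path, "rb") as f:
                    kind = linkage(f.read())
            except OSError:
                continue                         # unreadable or vanished: skip
            bits = "+".join(n for n, b in (("suid", stat.S_ISUID), ("sgid", stat.S_ISGID)) if mode & b)
            yield path, bits, kind

def fake_elf64(p_type: int) -> bytes:
    """Constructed sample: little-endian ELF64 header plus one program header."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ident + hdr + struct.pack("<I", p_type) + bytes(52)

if __name__ == "__main__":
    for path, bits, kind in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f"{kind:8} {bits:9} {path}")
```

Set-id files that the invoking user cannot read are skipped, so run it with enough privilege to read every binary you want covered.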



Re: dynamically linked suid binaries - Request for enlightenment

2006-02-10 Thread Otto Moerbeek
On Fri, 10 Feb 2006, Tilo Stritzky wrote:

> Hi list,
>
> while doing some reading on secure software development
> (//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
> I came across the advice to always link your privileged binaries
> statically.
>
> However a quick check on my system revealed to me that almost all suid/sgid
> programs are dynamically linked (the two exceptions, traceroute/traceroute6,
> startle me even more).
>
> Since the advice makes sense to me (it keeps some rather
> complicated machinery out of delicate matters)
> I'm wondering why it is not followed on OpenBSD.
>
> Are there other ways to simply 'do this right'?
>
> I would appreciate any pointers for further reading on that matter.

Read man ld.so. The dynamic linker has special provisions to handle
s/guid programs.  

-Otto