Larry Rosenman writes:
Universal Practice does NOT equal Security and Usability.
Please consider what Kean is saying here.
What Kean is saying is that your system is insecure if you have a setuid
executable that references shared libraries with nonabsolute sonames and
you have a system (an
--On Friday, July 25, 2003 09:37:04 +0200 Peter Eisentraut
[EMAIL PROTECTED] wrote:
Larry Rosenman writes:
Universal Practice does NOT equal Security and Usability.
Please consider what Kean is saying here.
What Kean is saying is that your system is insecure if you have a setuid
executable
Larry Rosenman writes:
I disagree STRONGLY with what you are saying here. What harm does it do to
add the ABILITY for a port to use an ABSOLUTE DT_SONAME?
We can discuss adding the ability, but I'm against enforcing it by
default.
I believe that the issue is not broken systems, but broken
--On Friday, July 25, 2003 11:58:18 +0200 Peter Eisentraut
[EMAIL PROTECTED] wrote:
Larry Rosenman writes:
I disagree STRONGLY with what you are saying here. What harm does it do
to add the ABILITY for a port to use an ABSOLUTE DT_SONAME?
We can discuss adding the ability, but I'm against
Finally I understand the issue, I think.
But wouldn't an ordinary user on SCO wanting to install a private copy of
Pg then have to hack the Makefiles to change/remove the absolute DT_SONAME?
If so, that seems to me to mandate that this not be in the vanilla
distribution. OS Vendors commonly make
Larry Rosenman wrote:
If your system is broken in that particular way, upgrade your system or
don't use setuid programs at all. Those are the only sane choices. It is
not an acceptable choice to disable all valid uses of nonabsolute sonames
for all users, just because some users are
Date: Thursday, July 24, 2003 04:33:12 -0700
From: Kean Johnston [EMAIL PROTECTED]
To: Larry Rosenman [EMAIL PROTECTED]
Cc: Peter Eisentraut [EMAIL PROTECTED]
Subject: Re: [PATCHES] PG Patch (fwd) [openserver patch followup #2]
These concerns might have some merit, but the solution
Larry Rosenman writes:
Why do this at all? Security. Having shared libraries without full SONAME's
is a big security risk. There have been any number of huge exploits based
around this. Point me at any Solaris machine = 2.7, or any OSR5 system
507 or any FreeBSD system = 4.0 and I can get
--On Wednesday, July 23, 2003 12:20:34 +0200 Peter Eisentraut
[EMAIL PROTECTED] wrote:
Larry Rosenman writes:
Why do this at all? Security. Having shared libraries without full
SONAME's is a big security risk. There have been any number of huge
exploits based around this. Point me at any
2nd followup from Kean.
LER
Forwarded Message
Date: Friday, July 18, 2003 23:43:55 -0700
From: Kean Johnston [EMAIL PROTECTED]
To: Larry Rosenman [EMAIL PROTECTED]
Cc:
Subject: Re: PG Patch
Larry Rosenman wrote:
I got a question from the PG Core Team (Bruce Momjian)
More on the shared lib stuff.
I'd LIKE to get a discussion of this (after just talking to Bruce on the
phone).
If I need to repost Kean's comments to -HACKERS, let me know.
LER
Forwarded Message
Date: Saturday, July 19, 2003 13:50:55 -0700
From: Kean Johnston [EMAIL