On Mon, 19 Mar 2001, Scott Blachowicz wrote:
> On Tue, Mar 20, 2001 at 12:55:22PM +1100, Damien Miller wrote:
> > On Mon, 19 Mar 2001, Bill Campbell wrote:
> >
> > > As a general rule, it's a Bad Idea(tm) to compile security-related programs
> > > like this using shared libraries because there's always the possibility
> > > that somebody's going to switch libraries on you.
> >
> > That is just silly - if someone is in a position to play games with your
> > system libraries then they can do a lot more damage than that.
>
> That depends on how things are linked and what the OS allows for
> overriding the shared library search paths...in some cases, you could
> probably do
>
> export LD_LIBRARY_PATH=/my/library/dir:$LD_LIBRARY_PATH
>
> to get the searching to find your own libs first.

So what?

For a start, this won't work with set[ug]id binaries on any sane OS.
Secondly, why bother statically linking -lcrypto when an attacker could
simply replace libc using the above technique?

-d
--
| Damien Miller <[EMAIL PROTECTED]> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
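
The set[ug]id point above, as an added example that is not part of the original thread: on Linux with glibc the dynamic loader ignores LD_LIBRARY_PATH when the kernel marks a process for secure execution (AT_SECURE), but a privileged program that launches a helper after making its real and effective IDs equal loses that protection for the child, so it should strip LD_* variables itself. The helper names `secure_exec_mode` and `scrub_loader_env` and the sample environment are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>

/* Nonzero when the kernel flagged this process for secure execution
 * (set-user-ID, set-group-ID or file capabilities), or when the real
 * and effective IDs differ. Linux/glibc specific. */
int secure_exec_mode(void)
{
    return getauxval(AT_SECURE) != 0 ||
           getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: compact envp in place, dropping every LD_* entry
 * (LD_LIBRARY_PATH, LD_PRELOAD, ...). Returns the number removed. */
int scrub_loader_env(char **envp)
{
    int removed = 0;
    char **out = envp;

    for (char **in = envp; *in != NULL; in++) {
        if (strncmp(*in, "LD_", 3) == 0)
            removed++;          /* loader control variable: drop it */
        else
            *out++ = *in;       /* anything else is kept in order */
    }
    *out = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample environment, not taken from a real system. */
    char *env[] = {
        "PATH=/usr/bin:/bin",
        "LD_LIBRARY_PATH=/my/library/dir",
        "HOME=/root",
        "LD_PRELOAD=/tmp/x.so",
        NULL
    };

    printf("secure-execution mode: %d\n", secure_exec_mode());
    printf("removed %d loader variables\n", scrub_loader_env(env));
    for (char **e = env; *e != NULL; e++)
        printf("kept: %s\n", *e);
    return 0;
}
```

The cleaned array is what a privileged parent would pass as the `envp` argument to `execve()` for the child.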