From owner-freebsd-arch  Thu Jul 27 21:39:15 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from wall.polstra.com (rtrwan160.accessone.com [206.213.115.74])
	by hub.freebsd.org (Postfix) with ESMTP
	id 24D1E37B9C5; Thu, 27 Jul 2000 21:39:12 -0700 (PDT)
	(envelope-from jdp@polstra.com)
Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13])
	by wall.polstra.com (8.9.3/8.9.3) with ESMTP id VAA00982;
	Thu, 27 Jul 2000 21:39:10 -0700 (PDT)
	(envelope-from jdp@polstra.com)
From: John Polstra <jdp@polstra.com>
Received: (from jdp@localhost)
	by vashon.polstra.com (8.9.3/8.9.1) id VAA25171;
	Thu, 27 Jul 2000 21:39:09 -0700 (PDT)
	(envelope-from jdp@polstra.com)
Date: Thu, 27 Jul 2000 21:39:09 -0700 (PDT)
Message-Id: <200007280439.VAA25171@vashon.polstra.com>
To: arch@FreeBSD.ORG
Reply-To: arch@FreeBSD.ORG
Cc: rwatson@FreeBSD.ORG
Subject: Re: How much security should ldconfig enforce?
In-Reply-To: <Pine.NEB.3.96L.1000727111119.93015D-100000@fledge.watson.org>
References: <Pine.NEB.3.96L.1000727111119.93015D-100000@fledge.watson.org>
Organization: Polstra & Co., Seattle, WA
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In article
<Pine.NEB.3.96L.1000727111119.93015D-100000@fledge.watson.org>, Robert
Watson <rwatson@FreeBSD.ORG> wrote:

> I would support either the "revert" or (3) option, but definitely
> not support this being a compile-time flag.

Don't worry, it isn't going to be a compile-time flag. :-)

> So my preference here is: permissions and ownership in the base
> install are fine.  The default compile (and preferably install)
> should allow users to include group-writable shared library paths,
> if not world-writable paths.

One thing to consider is that the hints file is only writable by root.
In fact, ldconfig sets it to mode 444 every time it updates it.  So
your average user can't even _run_ ldconfig in any mode except to
list the existing hints file.  Allowing group-writable shared library
directories is useless for adding new directories because you still
have to persuade root to run the ldconfig command for you.  OTOH,
if ldconfig has already been run then you can add new files to an
existing directory without rerunning ldconfig.  (That's specific to
ELF.  It won't work for a.out.)  Does this change your opinion?

John
-- 
  John Polstra                                               jdp@polstra.com
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Disappointment is a good sign of basic intelligence."  -- Chögyam Trungpa



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message