From: Mike Smith
Date: Tue, 21 Apr 1998 09:35:41 -0700
To: woods@zeus.leitch.com (Greg A. Woods)
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Using MD5 insted of DES for passwd ecnryption

> [ On Tue, April 21, 1998 at 05:59:33 (-0700), Mike Smith wrote: ]
> > Subject: Re: Using MD5 insted of DES for passwd ecnryption
> >
> > As soon as you have more than one *different* binary running out of
> > /bin, you win of course, as there's only *one* copy (at most) of the
> > common shared libraries being backed by physical memory.
>
> That's not necessarily true, at least from what I've learned second
> hand. There can be a certain amount of overhead in terms of extra VM
> pages allocated for shared memory, so one additional shared binary may
> still not result in even reaching the same memory footprint as the same
> fully static binaries would.

Er, that's exactly what I said.

> In any case I'd be horrified to learn that whatever scheme of
> controlling password encryption is chosen relies on shared libraries.

Why? That's like saying that you'd be horrified to learn that the
scheme used executable programs, or relied on the VM system working.

> I think it should always be possible to statically link the whole system
> if one so desires. That's the one sure way to test if shared libraries
> are causing any weirdness.

How are you supposed to load arbitrary (possibly third-party)
authentication modules if you have to have the source at build time?
That's stupid.

--
\\ Sometimes you're ahead,       \\ Mike Smith
\\ sometimes you're behind.      \\ mike@smith.net.au
\\ The race is long, and in the  \\ msmith@freebsd.org
\\ end it's only with yourself.  \\ msmith@cdrom.com