Date: Wed, 22 Apr 1998 11:54:28 -0400 (EDT) From: woods@zeus.leitch.com (Greg A. Woods) To: freebsd-security@FreeBSD.ORG Subject: Re: Using MD5 insted of DES for passwd ecnryption Message-ID: <199804221554.LAA01077@brain.zeus.leitch.com> In-Reply-To: Mark Murray's message of "Tue, April 21, 1998 20:31:17 %2B0200" regarding "Re: Using MD5 insted of DES for passwd ecnryption " id <199804211831.UAA26779@greenpeace.grondar.za> References: <199804211831.UAA26779@greenpeace.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
[ On Tue, April 21, 1998 at 20:31:17 (+0200), Mark Murray wrote: ] > Subject: Re: Using MD5 insted of DES for passwd ecnryption > > Not so. There exists the probability that dlopen could be fixed to work > for statically linked apps to allow them to find and use arbitrary (binar > y) .so objects. Dynamic loading is "dynamic", no matter at what level it happens. One reason for not doing dynamic loading is for security paranoia. If everything's static then it's much harder to introduce foreign code, esp. into running processes. As for doing this kind of run-time loading with dlopen(), well I'd suggest that there are lots of other better APIs in wide use already. -- Greg A. Woods +1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804221554.LAA01077>