Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 22 Apr 1998 11:54:28 -0400 (EDT)
From:      woods@zeus.leitch.com (Greg A. Woods)
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: Using MD5 insted of DES for passwd ecnryption 
Message-ID:  <199804221554.LAA01077@brain.zeus.leitch.com>
In-Reply-To: Mark Murray's message of "Tue, April 21, 1998 20:31:17 %2B0200" regarding "Re: Using MD5 insted of DES for passwd ecnryption " id <199804211831.UAA26779@greenpeace.grondar.za>
References:  <199804211831.UAA26779@greenpeace.grondar.za>

next in thread | previous in thread | raw e-mail | index | archive | help
[ On Tue, April 21, 1998 at 20:31:17 (+0200), Mark Murray wrote: ]
> Subject: Re: Using MD5 insted of DES for passwd ecnryption 
>
> Not so. There exists the probability that dlopen could be fixed to work 
> for statically linked apps to allow them to find and use arbitrary (binar
> y) .so objects.

Dynamic loading is "dynamic", no matter at what level it happens.  One
reason for not doing dynamic loading is for security paranoia.  If
everything's static then it's much harder to introduce foreign code,
esp. into running processes.

As for doing this kind of run-time loading with dlopen(), well I'd
suggest that there are lots of other better APIs in wide use already.

-- 
							Greg A. Woods

+1 416 443-1734      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804221554.LAA01077>