From owner-freebsd-security  Wed Apr 22 13:24:56 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA11459
          for freebsd-security-outgoing; Wed, 22 Apr 1998 13:24:56 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA11358
          for <freebsd-security@freebsd.org>; Wed, 22 Apr 1998 20:24:42 GMT
          (envelope-from mark@grondar.za)
Received: from greenpeace.grondar.za (greenpeace.grondar.za [196.7.18.132])
	by gratis.grondar.za (8.8.8/8.8.8) with ESMTP id WAA02193;
	Wed, 22 Apr 1998 22:24:26 +0200 (SAST)
	(envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1])
	by greenpeace.grondar.za (8.8.8/8.8.8) with ESMTP id WAA00701;
	Wed, 22 Apr 1998 22:24:25 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <199804222024.WAA00701@greenpeace.grondar.za>
X-Mailer: exmh version 2.0.2 2/24/98
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
cc: "Matthew N. Dodd" <winter@jurai.net>, Nate Williams <nate@mt.sri.com>,
        Peter Wemm <peter@netplex.com.au>, freebsd-security@FreeBSD.ORG
Subject: Re: Static vs. dynamic linking (was Re: Using MD5 insted of DES ...) 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 22 Apr 1998 22:24:24 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Poul-Henning Kamp wrote:
> What about the root password prompt in /sbin/init ?
> 
> That is the only really troublesome case...

Of the very lively dialog that thas passsed on this subject the last 
couple of days, the most useable solution seems to be (in the case of 
apps in /(s)bin that may need alternative crypts) is to link them using 
the normal dynamic flags, except to force them to use the static 
libraries. This way will get a useable dlopen, and will allow the app to 
function as required, and will not break the rest of the world with a 
dynamic /(s)bin/*. The apps can then use a (say) cryptdes.so if it 
exists.

Is my summary OK?

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message