From owner-freebsd-security Wed Apr 22 13:24:56 1998
Message-Id: <199804222024.WAA00701@greenpeace.grondar.za>
To: Poul-Henning Kamp
cc: "Matthew N. Dodd", Nate Williams, Peter Wemm, freebsd-security@FreeBSD.ORG
Subject: Re: Static vs. dynamic linking (was Re: Using MD5 insted of DES ...)
Date: Wed, 22 Apr 1998 22:24:24 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG

Poul-Henning Kamp wrote:
> What about the root password prompt in /sbin/init ?
>
> That is the only really troublesome case...

Of the very lively dialog that has passed on this subject the last couple of days, the most useable solution seems to be (in the case of apps in /(s)bin that may need alternative crypts) to link them using the normal dynamic flags, except to force them to use the static libraries. This way will get a useable dlopen, and will allow the app to function as required, and will not break the rest of the world with a dynamic /(s)bin/*. The apps can then use a (say) cryptdes.so if it exists.

Is my summary OK?

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
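
The "use cryptdes.so if it exists" step summarized in the message above, as an added example that is not part of the original post or of FreeBSD's code. The module path, the exported symbol name `crypt`, the placeholder `builtin_crypt` and the absolute-path check are assumptions made for illustration.

```c
#include <dlfcn.h>
#include <stdio.h>

typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Placeholder for the crypt() linked statically into the binary
 * (hypothetical; it performs no hashing and only marks which path ran). */
static char *builtin_crypt(const char *key, const char *salt)
{
    static char out[64];
    (void)key;
    snprintf(out, sizeof out, "$builtin$%s", salt);
    return out;
}

/* Pick the crypt implementation: the optional module if it loads and
 * exports "crypt", the statically linked one otherwise.
 * Assumption added here: only absolute paths are accepted, so a program
 * such as the root password prompt never resolves the module through
 * the current directory or a library search path. */
crypt_fn resolve_crypt(const char *module_path, const char **source)
{
    *source = "builtin";
    if (module_path == NULL || module_path[0] != '/')
        return builtin_crypt;            /* refuse relative names */

    void *handle = dlopen(module_path, RTLD_NOW | RTLD_LOCAL);
    if (handle == NULL)
        return builtin_crypt;            /* module absent: the normal case */

    crypt_fn fn = (crypt_fn)dlsym(handle, "crypt");
    if (fn == NULL) {
        dlclose(handle);                 /* loaded, but not a crypt module */
        return builtin_crypt;
    }
    *source = module_path;
    return fn;
}

int main(void)
{
    const char *source;
    /* Hypothetical install location for the optional DES module. */
    crypt_fn fn = resolve_crypt("/usr/lib/cryptdes.so", &source);
    printf("crypt from %s: %s\n", source, fn("secret", "ab"));
    return 0;
}
```

On systems where dlopen is not part of libc, link with -ldl.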