To: Mark Murray
cc: "Matthew N. Dodd", Nate Williams, Peter Wemm, freebsd-security@FreeBSD.ORG
Subject: Re: Static vs. dynamic linking (was Re: Using MD5 insted of DES ...)
In-reply-to: Your message of "Wed, 22 Apr 1998 22:24:24 +0200." <199804222024.WAA00701@greenpeace.grondar.za>
Date: Wed, 22 Apr 1998 23:02:09 +0200
Message-ID: <4940.893278929@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG

In message <199804222024.WAA00701@greenpeace.grondar.za>, Mark Murray writes:
>Poul-Henning Kamp wrote:
>> What about the root password prompt in /sbin/init ?
>>
>> That is the only really troublesome case...
>
>Of the very lively dialog that has passed on this subject the last
>couple of days, the most useable solution seems to be (in the case of
>apps in /(s)bin that may need alternative crypts) is to link them using
>the normal dynamic flags, except to force them to use the static
>libraries. This way will get a useable dlopen, and will allow the app to
>function as required, and will not break the rest of the world with a
>dynamic /(s)bin/*. The apps can then use a (say) cryptdes.so if it
>exists.
>
>Is my summary OK?

Yes, I think we just need to see some code.

What about the SHS ($2$) support for crypt(), should we sneak that in at
the same time?

Did we also agree that login.conf can specify which encryption to use
along these lines:

	modify existing password:
		entry in login.conf ?
			yes: use what login.conf says
			no: use same as existing password.

	create new password:
		entry in login.conf ?
			yes: use what login.conf says
			no: use same as current root password

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
"ttyv0" -- What UNIX calls a $20K state-of-the-art, 3D, hi-res color terminal
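
The selection rules proposed in the message above, written out as an added example; it is not part of the original post and is not FreeBSD code. The function names, the "des"/"md5"/"shs" configuration values and the handling of an unrecognised value are assumptions, and "$2$" for SHS follows the message's proposal.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Formats named in the thread; "$2$" for SHS is the message's proposal. */
enum fmt { FMT_DES, FMT_MD5, FMT_SHS };

/* Classify a stored hash by its "$n$" prefix; no prefix means DES crypt. */
static enum fmt fmt_of_hash(const char *hash)
{
    if (hash != NULL && strncmp(hash, "$1$", 3) == 0) return FMT_MD5;
    if (hash != NULL && strncmp(hash, "$2$", 3) == 0) return FMT_SHS;
    return FMT_DES;
}

/* Hypothetical login.conf values; returns 1 and sets *out when recognised. */
static int fmt_of_conf(const char *val, enum fmt *out)
{
    static const char *const names[] = { "des", "md5", "shs" };
    for (int i = 0; val != NULL && i < 3; i++)
        if (strcmp(val, names[i]) == 0) { *out = (enum fmt)i; return 1; }
    return 0;
}

/*
 * conf:      login.conf value, NULL when there is no entry
 * old_hash:  the user's existing hash, NULL when creating a new password
 * root_hash: root's current hash
 * Assumption: an unrecognised conf value is treated like a missing entry.
 */
enum fmt choose_fmt(const char *conf, const char *old_hash, const char *root_hash)
{
    enum fmt f;
    if (fmt_of_conf(conf, &f)) return f;                 /* yes: use login.conf */
    return fmt_of_hash(old_hash ? old_hash : root_hash); /* no: inherit */
}

int main(void)
{
    /* Constructed sample hashes, not real credentials. */
    const char *root = "$1$saltsalt$constructedconstructed";
    printf("modify, no entry: %d\n", choose_fmt(NULL, "abJnggxhB/yWI", root));
    printf("create, no entry: %d\n", choose_fmt(NULL, NULL, root));
    printf("create, entry:    %d\n", choose_fmt("des", NULL, root));
    return 0;
}
```

With no login.conf entry, a user whose existing hash is DES stays on DES even when root has moved to another format, so migrating existing accounts needs an explicit entry.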