From owner-cvs-all@FreeBSD.ORG Sun Nov 16 23:09:28 2003 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 08AF916A4D1 for ; Sun, 16 Nov 2003 23:09:28 -0800 (PST) Received: from rootlabs.com (root.org [67.118.192.226]) by mx1.FreeBSD.org (Postfix) with SMTP id 4E6BA44015 for ; Sun, 16 Nov 2003 23:07:08 -0800 (PST) (envelope-from nate@rootlabs.com) Received: (qmail 59074 invoked by uid 1000); 17 Nov 2003 07:06:57 -0000 Date: Sun, 16 Nov 2003 23:06:57 -0800 (PST) From: Nate Lawson To: David Schultz In-Reply-To: <20031117064036.GA51447@VARK.homeunix.com> Message-ID: <20031116230605.S59017@root.org> References: <200311170639.hAH6dduA076667@repoman.freebsd.org> <20031117064036.GA51447@VARK.homeunix.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: cvs-src@FreeBSD.ORG cc: src-committers@FreeBSD.ORG cc: cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sbin/nologin Makefile nologin.c nologin.sh X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Nov 2003 07:09:28 -0000 On Sun, 16 Nov 2003, David Schultz wrote: > On Sun, Nov 16, 2003, David Schultz wrote: > > Modified files: > > sbin/nologin Makefile > > Added files: > > sbin/nologin nologin.c > > Removed files: > > sbin/nologin nologin.sh > > Log: > > Reimplement nologin(8) as a C program. This allows us to statically > > link it at low cost and avoid environment poisoning attacks associated > > with LD_LIBRARY_PATH. > > For those who care, here are the relevant sizes to the nearest kilobyte: > > 24K static C program > 5K dynamic C program > 2K shell script > 1K assembly program > > The bloat in the static version is due to crt0 pulling in atexit(), > which in turn depends on malloc(), free(), and some pthread mutex code. Tim Kientzle floated some patches to remove this dependency about a year ago but they never got committed. Perhaps now that he's done with the dynamic root work, he can clean them up and commit them. -Nate