[2346] in bugtraq
a point is being missed
daemon@ATHENA.MIT.EDU (*Hobbit*)
Fri Nov 3 17:09:18 1995
Date: Fri, 3 Nov 1995 09:57:46 -0500
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: *Hobbit* <hobbit@avian.org>
X-To: bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>

Why in all this telnetd flap has nobody mentioned that /bin/login should
be relinked STATICALLY? That at least defers the LD_* class of problem
until after login has done the setuid and exec, but still leaves things
like IFS passed to scripts.

Still, my own rule of thumb is that any binary that talks to the net,
handles inbound connections, handles authentication, etc ... should not be
depending on shared libs. It's well worth the minuscule disk space hit.
Vendors, LISSEN UP.
_H*