[2365] in bugtraq
Re: a point is being missed
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sun Nov 5 15:30:01 1995
Date: Sun, 5 Nov 1995 11:13:51 -0500
Reply-To: perry@piermont.com
From: "Perry E. Metzger" <perry@piermont.com>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Sat, 04 Nov 1995 00:09:45 EST."
<199511040509.AAA15038@tertius.mit.edu>
Sam Hartman writes:
> I really hope, however, that vendors don't start linking login
> statically unless they start shipping source with their OS. This
> makes it impossible to fix bugs like syslog(3) by patching shared
> libraries.
One reason I discourage clients from building firewalls out of any
system for which there is no source code is the difficulty of fixing
security bugs in emergencies, shared libraries or no...
Perry
