Date: Fri, 25 Apr 2003 09:34:50 -0500
From: "Steve Bremer" <steveb@...coinc.com>
To: owl-users@...ts.openwall.com
Subject: Re: Next Release

> But the real danger here isn't with ping and traceroute themselves,
> but rather with generic SUID/SGID program startup code: in libc, in
> the dynamic linker, and even in the kernel itself.  

Good point.  Doesn't matter how secure the app is written if the host 
is compromised before the app itself actually launches.  Using a 
static binary should eliminate the linker problem, but you're still left 
with bugs in libc and the kernel.  

Thanks for the info,
Steve Bremer
NEBCO, Inc.
System & Security Administrator
