From: | Larry Rosenman <ler(at)lerctr(dot)org> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-patches(at)postgresql(dot)org, jkj(at)sco(dot)com |
Subject: | Re: PG Patch (fwd) [openserver patch followup #2] |
Date: | 2003-07-23 12:15:19 |
Message-ID: | 5830000.1058962519@lerlaptop.lerctr.org |
Lists: | pgsql-patches |
--On Wednesday, July 23, 2003 12:20:34 +0200 Peter Eisentraut
<peter_e(at)gmx(dot)net> wrote:
> Larry Rosenman writes:
>
>> Why do this at all? Security. Having shared libraries without full
>> SONAMEs is a big security risk. There have been any number of huge
>> exploits based around this. Point me at any Solaris machine <= 2.7, or
>> any OSR5 system < 507 or any FreeBSD system <= 4.0 and I can get root
>> with 1 tiny program that's on all of them: xterm. It has long upset me,
>> and I am done trying to convince them, but libtool encourages the worst
>> possible .so practices, and many programs seem to have picked up those
>> equally bad practices. There is no need for futzing with ld.conf and the
>> like if people take the time to construct shared libraries properly.
>> Yes it can be a pain to bootstrap but the reward is very well worth the
>> effort it takes.
>
> These concerns might have some merit, but the solution could not possibly
> be to only fix this on one platform, because the mechanisms are the same
> everywhere. That said, it seems the universal practice is not to put full
> sonames into shared libraries, so it seems better that our libraries
> follow that practice. Otherwise it will be only a matter of time before
> someone comes out of the wood and claims that libraries with full sonames
> are a big whatever-else problem.
Universal Practice does NOT equal Security and Usability.
Please consider what Kean is saying here.
Kean,
Please respond.
LER
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler(at)lerctr(dot)org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749