Re: As 2.0 looms

Alan Cox (alan@lxorguk.ukuu.org.uk)
Thu, 25 Apr 1996 22:41:23 +0100 (BST)


> > There are millions of these, core dumping etc. It's basically I think a
> > unix feature. At least we don't have compiled in passwords like GCOS3
> > had.
> I believe core dumping is OK (the dumpable flag is cleared if the program
> is unreadable). I know of at least one program (deslogin) which has
> encryption key compiled in (the binary is mode 711). I shouldn't have
> to link it statically to be safe... Another solution, which doesn't
> need kernel support, would be to have two versions of ld.so: one which
> ignores LD_xxx and one which is like the current ld.so. You decide
> which one you want to use at link time (default is to ignore LD_xxx -
> it's not necessary except for testing new shared libraries). I think
> HP-UX does something like this. If we had this, we wouldn't have the
> infamous telnet environment security hole...

I would like to see this too. I also can't believe it's a difficult thing
to produce. Also a bash that ignored ENV so I could let users near pppd
without making a machine totally insecure.

Alan
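
The filtering idea discussed in this thread (drop LD_xxx and ENV before a privileged program or its shell starts) can also be shown as a small exec wrapper that a service runs in front of the program; this is an added example, not code from the original message or from any ld.so or bash source. The function names and the inclusion of BASH_ENV in the block list are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Returns 1 if a "NAME=value" entry must not reach the child.
   Block list is illustrative: every LD_* name, plus ENV and BASH_ENV. */
static int is_unsafe(const char *entry)
{
    static const char *const exact[] = { "ENV", "BASH_ENV", NULL };
    size_t n = strcspn(entry, "=");          /* length of NAME */

    if (strncmp(entry, "LD_", 3) == 0)
        return 1;
    for (int i = 0; exact[i]; i++)
        if (strlen(exact[i]) == n && strncmp(entry, exact[i], n) == 0)
            return 1;
    return 0;
}

/* Build a filtered, NULL-terminated copy of envp. The strings are shared
   with envp; the caller frees only the returned array. */
char **scrub_env(char *const envp[], size_t *dropped)
{
    size_t count = 0, kept = 0;
    *dropped = 0;
    while (envp[count])
        count++;
    char **out = calloc(count + 1, sizeof *out);
    if (!out)
        return NULL;
    for (size_t i = 0; i < count; i++) {
        if (is_unsafe(envp[i])) (*dropped)++;
        else out[kept++] = envp[i];
    }
    return out;
}

int main(int argc, char *argv[])
{
    size_t dropped;
    if (argc < 2) {
        fprintf(stderr, "usage: %s /path/to/program [args...]\n", argv[0]);
        return 2;
    }
    char **clean = scrub_env(environ, &dropped);
    if (!clean)
        return 1;
    execve(argv[1], &argv[1], clean);        /* only returns on failure */
    perror("execve");
    return 127;
}
```

A wrapper like this only helps when the service that received the untrusted environment is the one invoking it; it does not replace a loader or shell that ignores these variables itself.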