I believe core dumping is OK (the dumpable flag is cleared if the program
is unreadable). I know of at least one program (deslogin) which has an
encryption key compiled in (the binary is mode 711). I shouldn't have
to link it statically to be safe... Another solution, which doesn't
need kernel support, would be to have two versions of ld.so: one which
ignores LD_xxx and one which is like the current ld.so. You decide
which one you want to use at link time (default is to ignore LD_xxx -
it's not necessary except for testing new shared libraries). I think
HP-UX does something like this. If we had this, we wouldn't have the
infamous telnet environment security hole...

> Use gcc 2.7.x - 2.5.8 miscompiles stuff in the current kernel.

Perhaps 2.5.8 would work with fewer optimizations? I already know about
-fno-strength-reduce - any other flags necessary to generate correct code?

Marek
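
The post proposes a loader that ignores LD_xxx; the same effect can be had from the calling side by a privileged program that strips those variables from the environment before it execs anything. This is an added example, not code from the original post or from ld.so; the function names and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: an environment a remote client could hand to a login daemon. */
char *sample_env[] = {
    "TERM=vt100",
    "LD_LIBRARY_PATH=/tmp/lib",
    "DISPLAY=host:0",
    "LD_PRELOAD=/tmp/x.so",
    "USER=guest",
    NULL
};

/* Returns 1 if the entry names a dynamic-loader variable (name starts with "LD_"). */
static int is_loader_var(const char *entry)
{
    return strncmp(entry, "LD_", 3) == 0;
}

/* Compacts envp in place, dropping every LD_* entry and keeping the order of
 * the rest. The array stays NULL-terminated. Returns the number removed. */
int scrub_loader_env(char **envp)
{
    char **src, **dst = envp;
    int removed = 0;

    for (src = envp; *src != NULL; src++) {
        if (is_loader_var(*src))
            removed++;
        else
            *dst++ = *src;
    }
    *dst = NULL;
    return removed;
}

/* Counts the entries in a NULL-terminated environment array. */
int count_env(char **envp)
{
    int n = 0;
    while (envp[n] != NULL)
        n++;
    return n;
}

int main(void)
{
    int removed = scrub_loader_env(sample_env);
    printf("removed %d, kept %d\n", removed, count_env(sample_env));
    /* A real daemon would now pass sample_env as the envp argument of execve(). */
    return 0;
}
```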