List:       owl-users
Subject:    Re: Next Release
From:       "Steve Bremer" <steveb () nebcoinc ! com>
Date:       2003-04-25 14:34:50

> But the real danger here isn't with ping and traceroute themselves,
> but rather with generic SUID/SGID program startup code: in libc, in
> the dynamic linker, and even in the kernel itself.  

Good point.  Doesn't matter how secure the app is written if the host 
is compromised before the app itself actually launches.  Using a 
static binary should eliminate the linker problem, but you're still left 
with bugs in libc and the kernel.  

Thanks for the info,
Steve Bremer
NEBCO, Inc.
System & Security Administrator