Date: Fri, 25 Apr 2003 09:34:50 -0500
From: "Steve Bremer" <>
Subject: Re: Next Release

> But the real danger here isn't with ping and traceroute themselves,
> but rather with generic SUID/SGID program startup code: in libc, in
> the dynamic linker, and even in the kernel itself.  

Good point.  Doesn't matter how secure the app is written if the host 
is compromised before the app itself actually launches.  Using a 
static binary should eliminate the linker problem, but you're still left 
with bugs in libc and the kernel.  

Thanks for the info,
Steve Bremer
System & Security Administrator
