Date: Thu, 27 Jul 2000 21:28:42 -0700 (PDT) From: John Polstra <jdp@polstra.com> To: arch@freebsd.org Cc: mark@grondar.za Subject: Re: How much security should ldconfig enforce? Message-ID: <200007280428.VAA25123@vashon.polstra.com> In-Reply-To: <200007270615.IAA16104@grimreaper.grondar.za> References: <XFMail.000726193613.jdp@polstra.com> <200007270615.IAA16104@grimreaper.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <200007270615.IAA16104@grimreaper.grondar.za>, Mark Murray <mark@grondar.za> wrote: > Could it relax constraints on a per-directory basis, so that folk > who want a shared lib dir with *this* privelige *here* can do that? Oh, it _could_, since it is software and software can do anything. :-) But I personally am only willing to take it so far. If it gets too involved, somebody else is going to have to do it. I think it would help if I explained (not for you -- for the group at large) just what ldconfig does and does not do. I will ignore the a.out version, since it is obsolete. What the ELF ldconfig does is very simple: It takes the list of directories from the command line and writes them into "/var/run/ld-elf.so.hints", along with a magic number and a length field and stuff like that. That's all it does. It doesn't read these directories, it doesn't build a hash table, it doesn't do anything except record the directory names. I should also mention that on any sensible system, the hints file which ldconfig updates is writable only by root. That means you more or less have to be root to run ldconfig in the first place, unless you have gone and manually changed the permissions of the hints file. I just mention these things because a few of the replies made me think that not everybody understood them. John -- John Polstra jdp@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007280428.VAA25123>