Date: Wed, 15 Feb 2012 12:00:17 -0800 From: Xin Li <delphij@delphij.net> To: Ansar Mohammed <ansarm@gmail.com> Cc: freebsd-hackers@freebsd.org, d@delphij.net Subject: Re: nologin size Message-ID: <4F3C0ED1.9010004@delphij.net> In-Reply-To: <CAOO1MfsEa2E-4afrcNrOCvA0SjXt%2BgOFeLMSnbeR-9=Gpv8ZVw@mail.gmail.com> References: <CAOO1MfsEa2E-4afrcNrOCvA0SjXt%2BgOFeLMSnbeR-9=Gpv8ZVw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 02/15/12 11:28, Ansar Mohammed wrote: > Hello all, I am trying to build a minimal size FreeBSD 9 > installation and I noticed that the size of nologin is almost > 200k. I built FreeBSD from source so I checked the distribution, > and it's also 200k. So I went back to the source and just compiled > nologin.c and it came up to 5k. The Makefile have described why it's statically linked: # It is important that nologin be statically linked for security # reasons. A dynamic non-setuid binary can be linked against a trojan # libc by setting LD_LIBRARY_PATH appropriately. Both sshd(8) and # login(1) make it possible to log in with an unsanitized environment, # rendering a dynamic nologin binary virtually useless. NO_SHARED= YES Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEbBAEBCAAGBQJPPA7RAAoJEG80Jeu8UPuz2k0H8wbyLWS6+V0ebKJzPtB1BZzP o6VWo6sXrG5sMb7kegQdtouYjjfCh1XGxj8jT/nCdOcmXFTvta4GaEnwNZjT3IJp bhIRU3sh7G3AOs9WjXlDhwyPCuLp3LdWPu6/4kjdME3VZp6YQRn6SSHtS/OAG/nS HJtlee64Udlkj1OVIPKENpdSdv4dzJt5afSsK0Ju9HH+vrpFKv5fwUWcXVCFya4R iPiU+hDlVUG0ivjK7Aa12rKavrJxmuC6am7KansLF9LsjTHm8zBxswPgJwVEXO9v xIoFHnbfUHLi9r/NAUICudpPmoNfp8M8MNei+n2KQwPK4FsHdiIGcIkfQCsrJQ== =4yw1 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F3C0ED1.9010004>