Date: Sun, 13 Sep 1998 22:15:26 +0200 From: Mark Murray <mark@grondar.za> To: Chuck Robey <chuckr@mat.net> Cc: Brian Feldman <green@unixhelp.org>, William Woods <wwoods@cybcon.com>, FreebSD Current <freebsd-current@FreeBSD.ORG> Subject: Re: ssh port problem..... Message-ID: <199809132015.WAA17429@gratis.grondar.za> In-Reply-To: Your message of " Sun, 13 Sep 1998 12:52:42 -0400." <Pine.BSF.4.02A.9809131243570.343-200000@picnic.mat.net> References: <Pine.BSF.4.02A.9809131243570.343-200000@picnic.mat.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Chuck Robey wrote: > The problem is, for the gmp and z libs, those are system libs, but the > lib callouts for them assume that they aren't system libs. The > difference is that you use a -L switch for non-system libs, to tell the > compiler where to look for them. You *don't* do that for sytem libs, > the system does that. This is most especially critically important for > FreeBSD-current, where the lib situation is (shall we say) a little > muddy right now. Those -L/usr/lib switches have to go away. They're > encapsulated in the patch-ac. I included a new patch-ac with a couple > of small edits to take the -L's out of libz and libgmp. Chuck is speaking a large measure of truth. When a port has a certain library, and the os has the _same_ library, the port must not use its own copy of that library unless it has diverged far enough to be considered a different package. > Doing this, tho, I think might have some impact on security. I don't > know what it is. I hope maybe someone who knows security might comment. > Don't have to know ports, just tell me if the concept is good or bad, or > what other solution _would_ be PC for a security-type application. Correct. Many software authors package useful (but not very common) libraries with their sources. (SSH includes libz and libgmp, exim includes libident). This is a nasty practice, as it prevents the OS authors' patches from providing that OS's enhancements _and_security_ fixes_ from taking effect. <RAVE> Taking this practice to its (extreme) logical conclusion, one might see software _ignoring_ the system libraries, and attempting to be reliant only on syscalls or (2) calls. Highly bogus! The security- minded programmer/sysadmin wants to see as much of the system-provided services as possible (particularly if that system is responsive to security-related bugs) looked after by the system, and not by third party add-ons. SSH is an interesting case; by itself, it is a "third-party-addon"; but it is also very dependant on the host OS for certain bits. It relies on the host for file-system security, port security, memory protection and so on. It and its ilk should be given as much OS- provided protection as possible, and its own provided sources should be as limited as possible to that which is specific to what it needs do do; the rest is the OS's (hopefully audited) "stuff". When the author notices a security hole, his job is not to silently patch it deep in his own enhancement of some system library, but to report it to the OS authors, for inclusion in future fixes, and provide that info to users who wish to fix their own environments. FreeBSD has libraries; they work; use them. If they are broken, fix them, don't work around them. </RAVE> M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809132015.WAA17429>