21 messages in org.freebsd.freebsd-archRe: How much security should ldconfig...| From | Sent On | Attachments |
|---|---|---|
| John Polstra | Jul 26, 2000 7:35 pm | |
| Chris Costello | Jul 26, 2000 8:54 pm | |
| Nate Williams | Jul 26, 2000 10:54 pm | |
| Mark Murray | Jul 26, 2000 11:15 pm | |
| Warner Losh | Jul 26, 2000 11:24 pm | |
| Adrian Chadd | Jul 27, 2000 12:03 am | |
| Poul-Henning Kamp | Jul 27, 2000 12:30 am | |
| Alfred Perlstein | Jul 27, 2000 12:44 am | |
| Jacques A. Vidrine | Jul 27, 2000 5:50 am | |
| Neil Blakey-Milner | Jul 27, 2000 5:52 am | |
| Jacques A. Vidrine | Jul 27, 2000 6:38 am | |
| Daniel O'Connor | Jul 27, 2000 6:44 am | |
| Neil Blakey-Milner | Jul 27, 2000 6:47 am | |
| Robert Watson | Jul 27, 2000 8:14 am | |
| Alfred Perlstein | Jul 27, 2000 9:39 am | |
| Jacques A. Vidrine | Jul 27, 2000 11:03 am | |
| Ollivier Robert | Jul 27, 2000 12:32 pm | |
| John Polstra | Jul 27, 2000 9:28 pm | |
| John Polstra | Jul 27, 2000 9:38 pm | |
| Alexander Leidinger | Jul 28, 2000 5:09 am | |
| John Polstra | Jul 28, 2000 8:21 am |
| Subject: | Re: How much security should ldconfig enforce? | |
|---|---|---|
| From: | John Polstra (jd...@polstra.com) | |
| Date: | Jul 27, 2000 9:28:20 pm | |
| List: | org.freebsd.freebsd-arch | |
In article <2000...@grimreaper.grondar.za>, Mark Murray <ma...@grondar.za> wrote:
Could it relax constraints on a per-directory basis, so that folk who want a shared lib dir with *this* privelige *here* can do that?
Oh, it _could_, since it is software and software can do anything. :-) But I personally am only willing to take it so far. If it gets too involved, somebody else is going to have to do it.
I think it would help if I explained (not for you -- for the group at large) just what ldconfig does and does not do. I will ignore the a.out version, since it is obsolete.
What the ELF ldconfig does is very simple: It takes the list of directories from the command line and writes them into "/var/run/ld-elf.so.hints", along with a magic number and a length field and stuff like that. That's all it does. It doesn't read these directories, it doesn't build a hash table, it doesn't do anything except record the directory names.
I should also mention that on any sensible system, the hints file which ldconfig updates is writable only by root. That means you more or less have to be root to run ldconfig in the first place, unless you have gone and manually changed the permissions of the hints file.
I just mention these things because a few of the replies made me think that not everybody understood them.
John
-- John Polstra jd...@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message