Just kidding -- this is about ldconfig. Last night I committed
some security-related changes that somebody submitted to me. The
changes make ldconfig refuse to pay attention to directories which are
world-writable or not owned by root. In the commit message I also
stated a desire to strengthen it further by disallowing group-writable
I thought that was good :-)
1. It could allow anything, just like it did before I made my commit.
Not a good idea, but...
2. It could strictly enforce secure ownerships, groups, and
permissions -- i.e., keep last night's commit and add group
writability checking too.
...your correspondent had a point, however.
3. It could default to strictly secure but accept a command-line
option to relax the constraints. And an rc.conf knob could be added
to control whether or not it was strict at boot time.
Could it relax constraints on a per-directory basis, so that folk
who want a shared lib dir with *this* privelige *here* can do that?