[linux-elitists] distributing software securely (was: DJB ruckus du jour)

Wayne Earl wayne@qconcepts.net
Wed Nov 13 16:53:35 PST 2002


On Wed, Nov 13, 2002 at 04:37:16PM -0800 or therabouts, Nick Moffitt wrote:
> 	So are you saying that he doesn't use libc or the gcc ELF init
> code?  Does he use the L7 call gate manually and write his own printf?

No. But compare this:

[foo@yellow bin]$ ldd dnscache
        libc.so.6 => /lib/libc.so.6 (0x40019000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

with this:

[foo@yellow sbin]# ldd named
        liblwres.so.1 => /usr/lib/liblwres.so.1 (0x40026000)
        libdns.so.5 => /usr/lib/libdns.so.5 (0x40034000)
        libcrypto.so.2 => /lib/libcrypto.so.2 (0x4011e000)
        libisccfg.so.0 => /usr/lib/libisccfg.so.0 (0x401e4000)
        libisccc.so.0 => /usr/lib/libisccc.so.0 (0x401f3000)
        libisc.so.4 => /usr/lib/libisc.so.4 (0x401fb000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4022c000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x40243000)
        libc.so.6 => /lib/libc.so.6 (0x4025a000)
        libdl.so.2 => /lib/libdl.so.2 (0x40390000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

And draw your own conclusions about external dependencies and the
minimization of risk.

-- 
Wayne Earl <wayne@qconcepts.net>
gpg public key: http://www.qconcepts.net/key.txt
gpg key fingerprint: 3CE4 0558 635E DADB 327C 73AB 11CA 9A6B B209 E8C5



More information about the linux-elitists mailing list