| 1 |
On Thu, Aug 9, 2012 at 2:44 PM, Canek Peláez Valdés <caneko@×××××.com> wrote: |
| 2 |
> On Thu, Aug 9, 2012 at 3:42 AM, Luca Barbato <lu_zero@g.o> wrote: |
| 3 |
> [snip] |
| 4 |
>> Repeat after me: having your first process require anything more than |
| 5 |
>> libc is stupid and dangerous. |
| 6 |
> |
| 7 |
> No, it's not. You can (and should) depend on whatever libraries helps |
| 8 |
> to achieve the desired goals. If one of the libraries has a bug, guess |
| 9 |
> what? It should be fixed. |
| 10 |
|
| 11 |
Look, there is a balance here. This isn't really the thread to |
| 12 |
discuss it, but there is a balance between having your only |
| 13 |
password-reset UI being the passwd program, and having a 2MB suid root |
| 14 |
X11 application like IRIX. Most sane solutions today just have a |
| 15 |
non-root front-end, that calls a small well-audited suid app (perhaps |
| 16 |
just passwd). |
| 17 |
|
| 18 |
Sure, fixing bugs should be admired, but planning to be robust even in |
| 19 |
the face of future unknown bugs is the bedrock of secure software. |
| 20 |
|
| 21 |
Rich |
Archives