[ On Friday, December 14, 2001 at 22:59:03 (-0500), Theo Schlossnagle wrote: ]
> Subject: Re: [Exim] Exim and IBM DB2
>
> You clearly make some invalid assumptions in your analysis. It can be
> as safe as anything else.
Perhaps you do not understand the fundamentals of Unix process security.
> It's not like you are loading them from some site somewhere. You have
> the module on disk owned by root. You know its inode. Load the module
> with that inode, if it has changed, Exim very well could have been
> changed too.
There's ample discussion of this issue elsewhere -- suffice it to say
that dynamic loading of code using known implementations must never mix
with enhanced privileges if you want to keep your systems safe.
> Apache uses dynamically loadable modules and I am not familiar with any
> exploitations that hinge on the fact that the modules were dynamically
> loaded. PAM uses loadable modules.
Perhaps instead of looking at existing implementations made out of
convenience, you should look at the research and learn why I've
made these claims. Some of us are even concerned about running any
dynamic-linked setuid binary let alone anything that can dynamically
load new code at any time.
Furthermore you've apparently completely ignored the more fundamental
fact that dynamic loading is simply never necessary in this kind of
scenario, especially when full source code is available.
--
Greg A. Woods
+1 416 218-0098; <gwoods@???>; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
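The mechanism Theo sketches above (a root-owned module on disk, identified by its inode, refused if it has changed) is easier to judge once written out, together with the checks that an inode comparison by itself does not give. The following is an added example written for this page; it is not code from Exim, Apache, PAM or either correspondent. It applies every check to the file descriptor it actually holds (fstat after open with O_NOFOLLOW) rather than to the path, and also refuses a group- or world-writable module file and a directory that others can write to. Assumptions: the pinned (st_dev, st_ino) pair and the trusted owner uid come from configuration the privileged program already trusts; the fixture in the demo is constructed in /tmp and owned by the calling user rather than root so that it runs unprivileged; and the remark about loading the held descriptor via /proc/self/fd/N is Linux-specific and is not exercised by the code.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum vet_result {
    VET_OK = 0,
    VET_OPEN_FAILED,        /* open() refused; O_NOFOLLOW makes a symlink fail here */
    VET_NOT_REGULAR,        /* not a plain file (or fstat failed) */
    VET_WRONG_OWNER,        /* owner is not the uid the loader trusts */
    VET_WRITABLE,           /* group- or world-writable: bytes can change in place */
    VET_IDENTITY_MISMATCH,  /* not the pinned (st_dev, st_ino) pair */
    VET_DIR_UNSAFE          /* containing directory owned by, or writable by, others */
};

/* Open the module and check the descriptor actually held, so the verdict is
 * about the file that would be loaded, not whatever the name resolves to a
 * moment later.  On success *out_fd is the vetted descriptor.  A loader that
 * then calls dlopen(path) throws that away, because dlopen re-resolves the
 * name; on Linux the held descriptor can be loaded as "/proc/self/fd/N"
 * (an assumption of this example, not exercised here). */
enum vet_result vet_module(const char *path, uid_t want_uid,
                           dev_t want_dev, ino_t want_ino, int *out_fd)
{
    struct stat st, dst;
    char parent[4096];
    enum vet_result r = VET_OK;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);

    if (fd < 0)
        return VET_OPEN_FAILED;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        r = VET_NOT_REGULAR;
    else if (st.st_uid != want_uid)
        r = VET_WRONG_OWNER;
    else if (st.st_mode & (S_IWGRP | S_IWOTH))
        r = VET_WRITABLE;
    else if (st.st_dev != want_dev || st.st_ino != want_ino)
        r = VET_IDENTITY_MISMATCH;
    else {
        /* The right inode in a directory others can write is still exposed:
         * the entry can be renamed away and another file put under the same
         * name before the next open. */
        snprintf(parent, sizeof parent, "%s", path);
        if (stat(dirname(parent), &dst) != 0 || !S_ISDIR(dst.st_mode)
            || dst.st_uid != want_uid || (dst.st_mode & (S_IWGRP | S_IWOTH)))
            r = VET_DIR_UNSAFE;
    }
    if (r != VET_OK) {
        close(fd);
        return r;
    }
    *out_fd = fd;
    return VET_OK;
}

/* Constructed fixture: a throwaway "module" in a private directory, owned by
 * whoever runs this (a real loader would pin uid 0).  Returns 1 when every
 * scenario yields the verdict a loader should expect, 0 otherwise. */
int demo_expectations_met(void)
{
    char dir[] = "/tmp/vetdemo.XXXXXX", path[64], link[64];
    struct stat st;
    uid_t me = geteuid();
    int ok = 0, fd = -1;
    FILE *f;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(path, sizeof path, "%s/module.so", dir);
    snprintf(link, sizeof link, "%s/link.so", dir);
    if ((f = fopen(path, "w")) != NULL) {
        fputs("not really an ELF object\n", f);
        fclose(f);
        chmod(path, 0644);
        chmod(dir, 0755);
        if (stat(path, &st) == 0) {
            /* pinned identity, sane modes: the only case that may load */
            ok = vet_module(path, me, st.st_dev, st.st_ino, &fd) == VET_OK && fd >= 0;
            if (fd >= 0) close(fd);
            /* the inode check on its own: a different pinned inode is refused */
            ok = ok && vet_module(path, me, st.st_dev, st.st_ino + 1, &fd) == VET_IDENTITY_MISMATCH;
            /* same inode, but now anyone can rewrite the bytes in place */
            chmod(path, 0666);
            ok = ok && vet_module(path, me, st.st_dev, st.st_ino, &fd) == VET_WRITABLE;
            chmod(path, 0644);
            /* file is fine, but its directory is world-writable */
            chmod(dir, 0777);
            ok = ok && vet_module(path, me, st.st_dev, st.st_ino, &fd) == VET_DIR_UNSAFE;
            chmod(dir, 0755);
            /* a symlink where the module should be is refused at open() */
            ok = ok && symlink(path, link) == 0
                    && vet_module(link, me, st.st_dev, st.st_ino, &fd) == VET_OPEN_FAILED;
            unlink(link);
        }
    }
    unlink(path);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("module vetting scenarios behaved as expected: %s\n",
           demo_expectations_met() ? "yes" : "no");
    return 0;
}
```

Note what this does and does not settle: the checks stop an attacker from swapping the file, editing it in place, or planting a symlink, and they refuse a module kept in a directory the loader does not control, which an inode comparison alone would miss. They say nothing about what the module does once it is mapped into a privileged address space, which is the objection the reply above is making, and no pre-load check can address that.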