bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: remaking bash, trying static, glibc refuses static...?


From: Linda Walsh
Subject: Re: remaking bash, trying static, glibc refuses static...?
Date: Sat, 22 Aug 2015 15:39:12 -0700
User-agent: Thunderbird



Dave Rutherford wrote:
There are loadable builtins but I don't believe it is true that they
can magically self-load as you describe.
---
Magically self load? Right...

Installed by the tooth fairy no doubt?

Anything that's setup to load has to be configured by
*someone*...whether it is 'you', or 'someone else' , whether or not it is with or without your knowledge,
and how 'transparent' it is to some generic 'end' user.

Example.  how many generic end users of bash would know that
some bash versions in some distro's like opensuse, have full
session auditing and logging added in to their build?

Now if they happen to store that in a special version of glibc,
and update glibc -- I magically get the new keyboard logging features
w/summaries sent to "whoever".  But, if I have a static build, that
I put together -- and I'm "reasonable" satisfied that it's not
communicating my behaviors out on the net, I can feel someone safe
that an update to one of the 100's of loadable libraries won't
compromise the security on that single program.

Of course there are lots of other ways -- kernel loadable device modules
that are closed source.  (The plugins I was talking about -- like
ones samba can use talk in *text*).


Did the rest of your message have anything to do with bash?
You were trying to build a static version... you've been told how...
was there more?


----
Naw... builtin key-stroke loggers in ... well suse does get many
of their patches from Redhat, upstream....  absolutely nothing to do
with bash... you can go back to sleep now.

:-)




reply via email to

[Prev in Thread] Current Thread [Next in Thread]