nologin size

Xin Li delphij at delphij.net
Wed Feb 15 20:00:20 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/15/12 11:28, Ansar Mohammed wrote:
> Hello all, I am trying to build a minimal size FreeBSD 9
> installation and I noticed that the size of nologin is almost
> 200k. I built FreeBSD from source so I checked the distribution,
> and it's also 200k. So I went back to the source and just compiled
> nologin.c and it came up to 5k.

The Makefile have described why it's statically linked:

# It is important that nologin be statically linked for security
# reasons.  A dynamic non-setuid binary can be linked against a trojan
# libc by setting LD_LIBRARY_PATH appropriately.  Both sshd(8) and
# login(1) make it possible to log in with an unsanitized environment,
# rendering a dynamic nologin binary virtually useless.
NO_SHARED=      YES

Cheers,
- -- 
Xin LI <delphij at delphij.net>	https://www.delphij.net/
FreeBSD - The Power to Serve!		Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)

iQEbBAEBCAAGBQJPPA7RAAoJEG80Jeu8UPuz2k0H8wbyLWS6+V0ebKJzPtB1BZzP
o6VWo6sXrG5sMb7kegQdtouYjjfCh1XGxj8jT/nCdOcmXFTvta4GaEnwNZjT3IJp
bhIRU3sh7G3AOs9WjXlDhwyPCuLp3LdWPu6/4kjdME3VZp6YQRn6SSHtS/OAG/nS
HJtlee64Udlkj1OVIPKENpdSdv4dzJt5afSsK0Ju9HH+vrpFKv5fwUWcXVCFya4R
iPiU+hDlVUG0ivjK7Aa12rKavrJxmuC6am7KansLF9LsjTHm8zBxswPgJwVEXO9v
xIoFHnbfUHLi9r/NAUICudpPmoNfp8M8MNei+n2KQwPK4FsHdiIGcIkfQCsrJQ==
=4yw1
-----END PGP SIGNATURE-----


More information about the freebsd-hackers mailing list