Hi list,

while doing some reading on secure software development 
(//www.ranum.com/security/computer_security/archives/security-for-developers.pdf)
I came across the advice "always link your privileged binaries
statically".

However, a quick check on my system revealed that almost all suid/sgid
programs are dynamically linked (the two exceptions, traceroute/traceroute6,
startle me even more).

Since the advice makes sense to me (it keeps some rather
complicated machinery out of delicate matters)
I'm wondering why it is not followed on OpenBSD.

Are there other ways to simply 'do this right'?

I would appreciate any pointers for further reading on that matter.

No trolling intended, I'm just curious.

kind regards
tilo
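
The kind of check described in the message above, as an added example that is not part of the original post: it walks a directory tree, finds regular setuid/setgid files, and reports whether each ELF image requests a run-time linker (a PT_INTERP segment). The function names, the default root "/usr" and the sample ELF bytes are assumptions constructed for illustration.

```python
import os, stat, struct, sys

PT_INTERP = 3  # program header type naming the run-time linker (ld.so)

def elf_linkage(data):
    """Classify raw file bytes: 'dynamic', 'static', or None if not parsable ELF."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return None
    end = "<" if data[5] == 1 else ">"
    if data[4] == 2:   # ELF64: e_phoff @32, e_phentsize @54, e_phnum @56
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:              # ELF32: e_phoff @28, e_phentsize @42, e_phnum @44
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            return None  # program header table lies outside the bytes read
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return "dynamic"
    return "static"  # no interpreter; covers static PIE, which still has PT_DYNAMIC

def audit_setid(root="/usr"):
    """Yield (path, linkage) for regular setuid/setgid files under root."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                with open(path, "rb") as f:
                    data = f.read(1 << 16)  # headers sit at the start of the file
            except OSError:
                continue
            yield path, elf_linkage(data) or "unknown"

def sample_elf64(p_types):
    """Constructed minimal little-endian ELF64 image with the given segment types."""
    hdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9  # e_ident
    hdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + b"\0" * 52 for t in p_types)

if __name__ == "__main__":
    for path, kind in audit_setid(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f"{kind:8} {path}")
```

Files reported as "unknown" are setuid/setgid scripts, non-ELF formats, or images whose program headers start beyond the first 64 KiB read.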
