[Dovecot] [SOLVED] Building dovecot with SSL support on Solaris
Magnus Holmgren
holmgren at lysator.liu.se
Sun Oct 9 21:43:16 EEST 2005
Gary Gendel wrote:
> Christian,
>
> The -ldl means that you wish to load the library that is used to
> dynamically load shared libraries. If you really needed to do this then
> this brings up a small issue.
>
> It is usually NOT a good idea to have openssl as a shareable library.
> This opens up a serious vulnerability. Take this scenario...
>
> A person manages to gain root privileges. He replaces the openssl
> shareable library with a hacked version (say with a backdoor). In doing
> so, he's circumvented every program that uses openssl for security and
> gained full access via lots of entry points (web services, ssh services,
> etc.).
>
Well, if someone can gain root privileges you have a much bigger issue
than him just replacing the openssl library (for example, him replacing
the dovecot binaries). Objection overruled!
--
Magnus Holmgren
holmgren at lysator.liu.se