[Dovecot] [SOLVED] Building dovecot with SSL support on Solaris

Christian Schmidt christian.schmidt at chemie.uni-hamburg.de
Mon Oct 10 22:15:42 EEST 2005


Hello Gary & all the other contributors,

Gary Gendel, 09.10.2005 (d.m.y):

> The -ldl means that you wish to load the library that is used to
> dynamically load shared libraries.

Ah, I see.

Do you have an idea why this is necessary on one of my Solaris systems,
but not on the other?

> If you really needed to do this then this brings up a small issue.
> 
> It is usually NOT a good idea to have openssl as a shareable library.
> This opens up a serious vulnerability.  Take this scenario...
> 
> A person manages to gain root privileges.  He replaces the openssl
> shareable library with a hacked version (say with a backdoor).  In doing
> so, he's circumvented every program that uses openssl for security and
> gained full access via lots of entry points (web services, ssh services,
> etc.).
> 
> My suggestion is to build a static openssl library and then you won't
> need to add the -ldl option.

I'll consider that.

Thanks to all of you!!

Regards,
Christian 

-- 
What's the use of being a beautiful pig when you have a human
face.
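
As an added example (not part of the original thread or of Dovecot's code), the following Python check reads `ldd` output and reports whether a binary resolves OpenSSL as a shareable library, from which files, and whether it links libdl. The sample `ldd` output is constructed, and the function names are hypothetical.

```python
import re

# Constructed `ldd` output in Solaris style (not captured from a real host);
# library versions and paths are illustrative.
SAMPLE_SHARED = (
    "\tlibssl.so.0.9.7 =>\t /usr/local/ssl/lib/libssl.so.0.9.7\n"
    "\tlibcrypto.so.0.9.7 =>\t /usr/local/ssl/lib/libcrypto.so.0.9.7\n"
    "\tlibdl.so.1 =>\t /lib/libdl.so.1\n"
    "\tlibc.so.1 =>\t /lib/libc.so.1\n"
)
# Constructed output for a build with OpenSSL linked statically.
SAMPLE_STATIC = "\tlibc.so.1 =>\t /lib/libc.so.1\n"

# "name => target", with an optional Linux-style load address at the end.
LINE = re.compile(r"^\s*(\S+)\s+=>\s+(.*?)\s*(?:\(0x[0-9a-fA-F]+\))?\s*$")


def shared_deps(ldd_output):
    """Map each shared library name to its resolved path (None if not found)."""
    deps = {}
    for line in ldd_output.splitlines():
        m = LINE.match(line)
        if m:
            name, target = m.groups()
            deps[name] = None if "not found" in target else target
    return deps


def openssl_report(ldd_output):
    """Summarise how a binary gets OpenSSL, judged from its ldd output."""
    deps = shared_deps(ldd_output)
    ossl = {n: p for n, p in deps.items() if re.match(r"lib(ssl|crypto)\.so", n)}
    return {
        "openssl_shared": bool(ossl),   # loaded from disk at run time
        "openssl_paths": ossl,          # files whose integrity matters
        "links_libdl": any(n.startswith("libdl.so") for n in deps),
        "unresolved": sorted(n for n, p in deps.items() if p is None),
    }


if __name__ == "__main__":
    for label, text in (("shared", SAMPLE_SHARED), ("static", SAMPLE_STATIC)):
        print(label, openssl_report(text))
```

To use it on a real system, pass the output of `ldd` for the installed binary to `openssl_report`.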

