From: Rodolphe Ortalo <Rodolphe.Ortalo@cert.fr>
  To  : ggi-develop@eskimo.com
  Date: Tue, 01 Jun 1999 11:04:47 +0200

Re: Where's the glide target?

Marcus Sundberg wrote:
> Sorry, but that's just nonsense and an example of people who can
> not tell security from obscurity.
> /usr/lib, /usr/local/bin and /etc are not any "safer" than
> /usr/local/lib
> on a standard system.

Yes. But people tend to install things that they compiled
themselves inside /usr/local/lib... (Again this is not
a generality.) And maybe they do not always check that such
libraries are not (for example) writable by someone else (a
thing distrib. builders surely do [I hope ;-)] with what they
put by themselves in /usr/lib.) So I GUESS distrib. makers
tend not to add /usr/local/lib to the default linker path.

Anyway, this is just a guess. I do not mean that this is
especially 'right' from the security point of view (the
real security issue is the installation procedure of
shared libraries). But it may be a common habit; and I
don't see it so negatively: it is pragmatic and
fool-oriented, but it seems reasonable to me. Furthermore,
that's a good occasion for novice admin. to learn what
/etc/ld.so.conf is for... :-)

Rodolphe