Date: Wed, 4 Jun 2003 10:38:01 +0200 From: Sebastian Lederer <sl@linast.de> To: Tim Kientzle <kientzle@acm.org> Cc: arch <arch@FreeBSD.org> Subject: Re: Making a dynamically-linked root Message-ID: <20030604083801.GA74277@subway.linast.de> In-Reply-To: <3EDCD0C1.1020300@acm.org> References: <Pine.GSO.4.44.0306031123461.13279-100000@mail.ilrt.bris.ac.uk> <3EDCD0C1.1020300@acm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jun 03, 2003 at 09:45:53AM -0700, Tim Kientzle wrote: [...] > My reasoning is correct. The point here is that /bin/sh is not > minimalist, as evidenced by the fact that it calls getpwnam(). (Yes, > this implies that 'ps', 'ls', 'date', and even 'cat' are not "minimalist," > either, since they require pluggable library features.) If you want to > remove features from /bin/sh to make it truly minimal, or add a new static > shell to the base system, that's a different issue. >=20 > The current /bin/sh must be dynamically linked because it relies on NSS. One could implement an NSS proxy/cache daemon like lookupd in Mac OS X=20 (or nscd in Linux/Solaris, although the general impression seems to be=20 that "nscd sucks"). This way static binaries could use dynamic NSS=20 plugins. The cache daemon can be dynamically linked and make full use of all=20 NSS plugins. A small NSS module that can talk to the daemon can be included into=20 all statically linked programs. So when the daemon is not running, programs just use the default=20 static NSS modules (files, NIS, dns, hesiod). When the daemon IS=20 running, all programs, statically or dynamically linked, can utilize=20 all NSS modules which can be loaded dynamically by the daemon. I think this will also improve performance in certain cases, mostly=20 when using LDAP, because not every invocation of "ls" will need to=20 make a new connection to the LDAP server to resolve the uids/gids. - Sebastian Lederer --IJpNTDwzlM2Ie8A6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+3a/p3rj1BcWb4ZsRAmtgAKCtaf0I/0ZarhgHnztcZnArtAwTdQCfTe1g 04XMbOQLD6s2YdpClI2n1m0= =62Kf -----END PGP SIGNATURE----- --IJpNTDwzlM2Ie8A6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030604083801.GA74277>