Date: Fri, 10 Nov 2000 02:55:22 -0800
From: Kris Kennaway
To: Mike Smith
Cc: Warner Losh, "Daniel C. Sobral", John Baldwin, arch@FreeBSD.ORG, Alfred Perlstein
Subject: Re: The shared /bin and /sbin bikeshed
Message-ID: <20001110025522.B15361@citusc17.usc.edu>

On Fri, Nov 10, 2000 at 01:59:19AM -0800, Mike Smith wrote:

> I think "NO_STATIC_BINARIES" should make everything dynamic that can be
> made dynamic, so your limited functionality change is probably right.

Can I just chime in and say that statically linked binaries suck
because they can be impossible to scan for when a library they were
linked against has a bug or security vulnerability. Often you can be
lucky and find a magic string in the binary which unambiguously shows
whether or not it was linked against a vulnerable version (e.g. an RCS
ID), but sometimes you have nothing to go on and it's hard to work out
whether the binary was even linked against the library, let alone a
vulnerable version thereof.

Adding RCS IDs to all the source code files in the FreeBSD libraries
(conditional on a compile-time anti-bloat option, e.g. buried in a
macro) would fix this.

Kris
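
The scan described in the message above, as an added example that is not part of the original e-mail or of FreeBSD: it pulls embedded RCS IDs out of a binary and compares them with the revision in which a fix landed. The library path, revisions, advisory table and `fake_binary` helper are constructed for illustration.

```python
import re

# Expanded RCS keyword: "$FreeBSD: <path>,v <rev> <date> <time> <author> <state> $"
# (the same "$Keyword: ... $" shape that ident(1) searches for).
RCSID = re.compile(rb"\$(?:FreeBSD|Id): (\S+),v (\d+(?:\.\d+)+) [^$\n]*\$")

def rcs_ids(blob):
    """Return {source_path: revision_tuple} for each RCS ID embedded in blob."""
    return {m.group(1).decode("ascii", "replace"):
            tuple(int(n) for n in m.group(2).split(b"."))
            for m in RCSID.finditer(blob)}

def audit(blob, fixed_in):
    """Compare a binary's embedded IDs with an advisory.

    fixed_in maps a library source file to the first revision carrying the fix.
    Each file is reported as "vulnerable", "fixed" or "unknown".
    """
    ids = rcs_ids(blob)
    report = {}
    for path, fixed_rev in fixed_in.items():
        rev = ids.get(path)
        if rev is None:
            # No ID in the binary: it may not link the file at all, or the
            # IDs were compiled out. This is the case the message describes.
            report[path] = "unknown"
        elif rev[:-1] != fixed_rev[:-1]:
            # Different CVS branch: revision numbers are not comparable.
            report[path] = "unknown"
        else:
            # Numeric compare, so that 1.9 sorts before 1.12.
            report[path] = "vulnerable" if rev < fixed_rev else "fixed"
    return report

# Constructed inputs: the library path, revisions and advisory are made up.
SRC = "src/lib/libexample/parse.c"
ADVISORY = {SRC: (1, 12)}

def fake_binary(rev):
    rcsid = "$FreeBSD: %s,v %s 2000/01/02 03:04:05 someone Exp $" % (SRC, rev)
    return b"\x7fELF\x01\x01\x00" + rcsid.encode() + b"\x00\x01\x02"

if __name__ == "__main__":
    for rev in ("1.9", "1.12", "1.9.2.4"):
        print(rev, audit(fake_binary(rev), ADVISORY))
    print("stripped", audit(b"\x7fELF\x00no ids here\x00", ADVISORY))
```

The "unknown" results are the ones that need manual follow-up: the binary carries no ID for the file, or the ID is from a branch whose revision numbers cannot be ordered against the advisory.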