From owner-freebsd-security  Mon Apr 20 12:58:24 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA29319
          for freebsd-security-outgoing; Mon, 20 Apr 1998 12:58:24 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from xmission.xmission.com (softweyr@xmission.xmission.com [198.60.22.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA29116
          for <freebsd-security@FreeBSD.ORG>; Mon, 20 Apr 1998 19:57:49 GMT
          (envelope-from softweyr@xmission.xmission.com)
Received: (from softweyr@localhost) by xmission.xmission.com (8.8.8/8.7.5) id NAA15966; Mon, 20 Apr 1998 13:53:30 -0600 (MDT)
From: Wes Peters - Softweyr LLC <softweyr@xmission.com>
Message-Id: <199804201953.NAA15966@xmission.xmission.com>
Subject: Re: Using MD5 insted of DES for passwd ecnryption
To: peter@netplex.com.au (Peter Wemm)
Date: Mon, 20 Apr 1998 13:53:24 -0600 (MDT)
Cc: jkh@time.cdrom.com, ady@warpnet.ro, softweyr@xmission.com,
        freebsd-security@FreeBSD.ORG
In-Reply-To: <199804201324.VAA04518@spinner.netplex.com.au> from "Peter Wemm" at Apr 20, 98 09:24:27 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Peter Wemm pointed out:
> Static linking really does restrict some of the creative things that can be
> done with dynamic linking.  It would fix the two different versions of init
> for starters...  But that'd mean creating a /lib (and /libexec/ld.so) and
> putting a selection of shared libs in there.  As long as ld.so was robust
> enough to work without /var/run/ld.so.cache, this would not be a problem.
> Putting a selection (say 2MB) of shared libs in /lib would probably cut the
> 9.5MB of /bin+/sbin to 3MB tops, leaving an overall root fs space saving.
> But we'd also be able to use things like PAM (heaven forbid), runtime 
> selection of gethostbyname() backends (files,DNS,NIS,whatever).  The 
> removal of the files,dns,nis stuff (into a seperate library each) could 
> save overall libc.so size. Adding NIS+ support would be as simple as 
> adding one line to a file and everything could support it automatically 
> without relinking etc.  Same thing for new crypt routines for passwd stuff.
> 
> However, the thought of having ld.so on / and a dynamic sh and init seems
> to make some people break out into a cold sweat...

Sounds like the overall win might make it worthwhile, over in -current
land.  This would be a big win for making small, embedded FreeBSD
systems as well.  ;^)


-- 
          "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                       Softweyr LLC
http://www.xmission.com/~softweyr                       softweyr@xmission.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message