Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Jul 2002 17:34:40 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Paul Khavkine <paul@colba.net>
Cc:        Peter Wemm <peter@wemm.org>, freebsd-hackers@freebsd.org
Subject:   Re: Name service switch
Message-ID:  <3D3F47A0.91239B47@mindspring.com>
References:  <20020723215150.F224D3807@overcee.wemm.org> <3D3EB9A8.E0B2977E@colba.net>

next in thread | previous in thread | raw e-mail | index | archive | help
Paul Khavkine wrote:
> Well the one we have in -CURRENT lacks dynamic module support (as does IRS).
> 
> I just wanted to know if there was any issues for not implementing IRS
> before ?

The BIND IRS implementation depends on use of the BIND resolver
library.  In FreeBSD, the resolver library is integrated into
libc, so upgrading it is very, very hard compared to what it
would be if it were boken out into a seperate libresolv.

The use of loadable modules has two problems; the first is that
it requires that binaries be dynamically, not statically linked,
because FreeBSD does not support a static "libdlopen" because of
how symbol lookups are wedged for things like a NULL parameter,
and importing of main object symbols by loaded modules (in fact,
the ELF standard was never intended to support static linking),
and some programs can not be dynamically linked (anything run
before /usr is mounted to get lib and libexec).  The second is
that dynamic linking and modules themselves open you up to
security exploits based on inherent flaws in the idea in a
hostile implementation environment.

If you want to find an IRS patch set for FreeBSD, serach for
the terms "irs" "nss" "ldap", and it will be in the top 5 or
so.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D3F47A0.91239B47>