From owner-freebsd-hackers Wed Jul 24 17:35:53 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A5B0E37B400 for ; Wed, 24 Jul 2002 17:35:50 -0700 (PDT) Received: from swan.mail.pas.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4F76E43E6A for ; Wed, 24 Jul 2002 17:35:50 -0700 (PDT) (envelope-from tlambert2@mindspring.com) Received: from pool0419.cvx22-bradley.dialup.earthlink.net ([209.179.199.164] helo=mindspring.com) by swan.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 17XWbO-00078P-00; Wed, 24 Jul 2002 17:35:35 -0700 Message-ID: <3D3F47A0.91239B47@mindspring.com> Date: Wed, 24 Jul 2002 17:34:40 -0700 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Paul Khavkine Cc: Peter Wemm , freebsd-hackers@freebsd.org Subject: Re: Name service switch References: <20020723215150.F224D3807@overcee.wemm.org> <3D3EB9A8.E0B2977E@colba.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Paul Khavkine wrote: > Well the one we have in -CURRENT lacks dynamic module support (as does IRS). > > I just wanted to know if there was any issues for not implementing IRS > before ? The BIND IRS implementation depends on use of the BIND resolver library. In FreeBSD, the resolver library is integrated into libc, so upgrading it is very, very hard compared to what it would be if it were boken out into a seperate libresolv. The use of loadable modules has two problems; the first is that it requires that binaries be dynamically, not statically linked, because FreeBSD does not support a static "libdlopen" because of how symbol lookups are wedged for things like a NULL parameter, and importing of main object symbols by loaded modules (in fact, the ELF standard was never intended to support static linking), and some programs can not be dynamically linked (anything run before /usr is mounted to get lib and libexec). The second is that dynamic linking and modules themselves open you up to security exploits based on inherent flaws in the idea in a hostile implementation environment. If you want to find an IRS patch set for FreeBSD, serach for the terms "irs" "nss" "ldap", and it will be in the top 5 or so. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message