Date: Fri, 10 Nov 2000 02:55:22 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Mike Smith <msmith@FreeBSD.ORG>
Cc: Warner Losh <imp@village.org>, "Daniel C. Sobral" <dcs@newsguy.com>, John Baldwin <jhb@FreeBSD.ORG>, arch@FreeBSD.ORG, Alfred Perlstein <bright@wintelcom.net>
Subject: Re: The shared /bin and /sbin bikeshed
Message-ID: <20001110025522.B15361@citusc17.usc.edu>
In-Reply-To: <200011100959.eAA9xJ905757@mass.osd.bsdi.com>; from msmith@FreeBSD.ORG on Fri, Nov 10, 2000 at 01:59:19AM -0800
References: <200011100938.CAA48105@harmony.village.org> <200011100959.eAA9xJ905757@mass.osd.bsdi.com>

On Fri, Nov 10, 2000 at 01:59:19AM -0800, Mike Smith wrote:
> I think "NO_STATIC_BINARIES" should make everything dynamic that can be
> made dynamic, so your limited functionality change is probably right.

Can I just chime in and say that statically linked binaries suck because they can be impossible to scan for when a library they were linked against has a bug or security vulnerability.

Often you can be lucky and find a magic string in the binary which unambiguously shows whether or not it was linked against a vulnerable version (e.g. an RCS ID), but sometimes you have nothing to go on and it's hard to work out whether the binary was even linked against the library, let alone a vulnerable version thereof.

Adding RCS IDs to all the source code files in the FreeBSD libraries (conditional on a compile-time anti-bloat option, e.g. buried in a macro) would fix this.

Kris
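
The scan described in the message above, as an added example that is not part of the original e-mail: it pulls expanded RCS keywords out of a binary and compares the revision of one library source file with the first fixed revision. It assumes the standard expanded `$Id: file,v rev date ... $` layout (`$FreeBSD: ... $` has the same shape); `libexample/parse.c`, its revisions, the fixed revision 1.5 and the sample binaries are constructed for illustration.

```python
import re

# Expanded RCS/CVS keyword: "$Id: file.c,v 1.4 2000/10/02 12:00:00 user Exp $".
# "$FreeBSD: ... $" has the same layout with a repository-relative path.
IDENT_RE = re.compile(rb"\$(?:Id|FreeBSD): ([^\s$]+),v (\d+(?:\.\d+)+) [^$\n]*\$")

def extract_idents(blob):
    """Map source-file basename -> set of revision tuples embedded in blob."""
    found = {}
    for m in IDENT_RE.finditer(blob):
        name = m.group(1).decode("ascii", "replace").rsplit("/", 1)[-1]
        rev = tuple(int(p) for p in m.group(2).split(b"."))
        found.setdefault(name, set()).add(rev)
    return found

def classify(blob, source_file, fixed_rev):
    """Compare the embedded revision of source_file with the first fixed one.

    Returns "no-ident" (nothing to go on: not linked, or built without IDs),
    "vulnerable", "fixed", or "unknown" (revision on a different branch).
    """
    revs = extract_idents(blob).get(source_file)
    if not revs:
        return "no-ident"
    verdicts = set()
    for rev in revs:
        # Revisions are only ordered within one branch: same length, same prefix.
        if len(rev) != len(fixed_rev) or rev[:-1] != fixed_rev[:-1]:
            verdicts.add("unknown")
        else:
            verdicts.add("fixed" if rev >= fixed_rev else "vulnerable")
    # Any vulnerable copy wins; otherwise any undecidable copy.
    for v in ("vulnerable", "unknown", "fixed"):
        if v in verdicts:
            return v

# Constructed stand-ins for static binaries; libexample/parse.c is hypothetical.
OLD_BIN = (b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8 +
           b"$FreeBSD: src/lib/libexample/parse.c,v 1.4 2000/10/02 12:00:00 alice Exp $\x00"
           b"usage: tool [-v] file\x00")
NEW_BIN = OLD_BIN.replace(b",v 1.4 ", b",v 1.6 ")
BRANCH_BIN = OLD_BIN.replace(b",v 1.4 ", b",v 1.4.2.1 ")
BARE_BIN = b"\x7fELF\x02\x01\x01\x00usage: tool [-v] file\x00"

if __name__ == "__main__":
    for label, blob in [("old", OLD_BIN), ("new", NEW_BIN),
                        ("branch", BRANCH_BIN), ("bare", BARE_BIN)]:
        print(label, classify(blob, "parse.c", (1, 5)))
```

The "no-ident" result is the case the message complains about: without an embedded ID the scan cannot tell an unaffected binary from one built against the vulnerable library.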
