Date: Wed, 22 Apr 1998 00:16:38 -0600
From: Nate Williams
To: Peter Wemm
Cc: freebsd-security@FreeBSD.ORG
Subject: Static vs. dynamic linking (was Re: Using MD5 insted of DES ...)

Peter Wemm writes:
> FWIW, I'm a little amazed at the paranoia about dynamic linking. I have
> *never* *ever* "lost" or damaged ld.so except through stupidity (made a
> mistake with a source change and caused an undefined symbol). I have never
> lost or damaged libc.so except through stupidity (again, generally through
> normal development accidents with undefined symbols).

I have thwacked the snot out of my system by replacing libc.so to the
point that nothing except the static stuff in /bin|sbin worked. It
doesn't happen too often, but when it does the only recourse was to use
the static stuff to recover, which I was able to do.

With dynamic programs, instead of having a single point of failure, you
have *many*. ld.so, libc.so, potentially /var/run/ld.hints, etc...

There are too many variables plus the performance advantages of having a
static /bin/sh to even argue about the *minute* advantage of having a
completely dynamic system, vs. the hybrid we have now.

Nate