From owner-freebsd-security  Thu Apr 23 08:59:28 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA23429
          for freebsd-security-outgoing; Thu, 23 Apr 1998 08:59:28 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gateman.zeus.leitch.com (gateman.zeus.leitch.com [204.187.61.193])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA23409
          for <freebsd-security@FreeBSD.ORG>; Thu, 23 Apr 1998 08:59:08 -0700 (PDT)
          (envelope-from woods@tap.zeus.leitch.com)
Received: from zeus.leitch.com (tap.zeus.leitch.com [204.187.61.10]) by gateman.zeus.leitch.com (8.8.5/8.7.3/1.0) with ESMTP id LAA06943 for <freebsd-security@FreeBSD.ORG>; Thu, 23 Apr 1998 11:59:06 -0400 (EDT)
Received: from brain.zeus.leitch.com (brain.zeus.leitch.com [204.187.61.32]) by zeus.leitch.com (8.7.5/8.7.3/1.0) with ESMTP id LAA21557 for <freebsd-security@FreeBSD.ORG>; Thu, 23 Apr 1998 11:59:08 -0400 (EDT)
Received: (from woods@localhost)
	by brain.zeus.leitch.com (8.8.8/8.8.8) id LAA09646;
	Thu, 23 Apr 1998 11:59:07 -0400 (EDT)
	(envelope-from woods@tap.zeus.leitch.com)
Date: Thu, 23 Apr 1998 11:59:07 -0400 (EDT)
Message-Id: <199804231559.LAA09646@brain.zeus.leitch.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: woods@zeus.leitch.com (Greg A. Woods)
To: freebsd-security@FreeBSD.ORG
Subject: Re: Static vs. dynamic linking
In-Reply-To: Peter Jeremy's message
	of "Thu, April 23, 1998 13:45:19 +1000"
	regarding "Re: Static vs. dynamic linking"
	id <199804230345.NAA20055@gsms01.alcatel.com.au>
References: <199804230345.NAA20055@gsms01.alcatel.com.au>
X-Mailer: VM 6.45 under Emacs 20.2.1
Reply-To: freebsd-security@FreeBSD.ORG
Organization: Planix, Inc.; Toronto, Ontario; Canada
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

[ On Thu, April 23, 1998 at 13:45:19 (+1000), Peter Jeremy wrote: ]
> Subject: Re: Static vs. dynamic linking
>
> - Fixing bugs in libraries is much easier - just replace a single
>   libc.so and the bug is fixed in all the programs that use it.  This
>   mightn't be much of an issue for the hackers amongst us (who
>   regularly rebuild their entire systems), but will be an issue
>   as we try to expand our user base to less knowledgable people
>   (and people who don't want to have to do a `make world' every
>   time a CERT advisory comes out).

That's definitely not as big a benefit as many people think it is,
esp. in an "open source" system where it's relativley easy to re-build
the whole world with all relevant fixes.

The CM complexity issues of trying to fix more than one bug in a given
library while still maintaining backwards compatability are often
insurmountable.

> - Run-time control (and extendability) of configuration.  Examples
>   are Sun's name service switch and volume management, as well as
>   the idea of plug-in authentication modules for login (where this
>   thread started).

"Security" and "plug-in" don't go together very well.

-- 
							Greg A. Woods

+1 416 443-1734      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message