From owner-freebsd-security  Sat Apr 25 10:44:20 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA21360
          for freebsd-security-outgoing; Sat, 25 Apr 1998 10:44:20 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from dyson.iquest.net (dyson.iquest.net [198.70.144.127])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA21353
          for <freebsd-security@freebsd.org>; Sat, 25 Apr 1998 10:44:13 -0700 (PDT)
          (envelope-from toor@dyson.iquest.net)
Received: (from root@localhost)
	by dyson.iquest.net (8.8.8/8.8.8) id MAA11634;
	Sat, 25 Apr 1998 12:41:24 -0500 (EST)
	(envelope-from toor)
From: "John S. Dyson" <toor@dyson.iquest.net>
Message-Id: <199804251741.MAA11634@dyson.iquest.net>
Subject: Re: Static vs. dynamic linking
In-Reply-To: <199804251729.KAA05173@cwsys.cwsent.com> from Cy Schubert - ITSD Open Systems Group at "Apr 25, 98 10:29:01 am"
To: cschuber@uumail.gov.bc.ca
Date: Sat, 25 Apr 1998 12:41:24 -0500 (EST)
Cc: toor@dyson.iquest.net, peter.jeremy@alcatel.com.au,
        freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

> > How many of our problems can be fixed in the library(s) alone,
> > anyway?
> 
> The current arrangement as we have it, some binaries linked dynamic and 
> others linked static, is a fairly good arrangement.  Can this 
> arrangement be adjusted or improved?  Yes.  The two extremes however:  
> To totally switch to shared libraries (would cause a performance hit) 
> or to no longer support shared libraries (not mentioned in this 
> discussion yet but I'm sure some are thinking about this) [both] appear 
> silly and I'm sure a good compromise (adjustments and tuning) can be 
> found.
> 
I agree, using *just* applications with shared libs is a bad tradeoff,
like using *just* applications with static libs.  When you have one
shared lib, you are getting alot of overhead right away.  I would
suggest that it is probably best not to link with 50 shared libs, but
with only one vs. 2-3, it is best to go all of the way, and link
with all three shared.

For things like inetd and other daemons that fork, etc, there is a
performance hit.  There might be cases where shared libs can making
fixing problems easier, but if replacing a shared lib is being used
to fix a system call -- on FreeBSD, you can theoretically just fix
the system call.

I suspect that a good compromise can be worked out, and I just want
to make sure that we don't loose (much) performance.  I also don't
want to loose many of the advantages of having shared libraries.

John

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message