Subject: Re: HEADS UP: migration to fully dynamic linked "base" system
To: Jason R Thorpe <email@example.com>
From: Johnny Billquist <firstname.lastname@example.org>
Date: 08/27/2002 17:34:14
On Tue, 27 Aug 2002, Jason R Thorpe wrote:
> * security updates
> With a fully dynamic system, a fix to e.g. the libc resolver only requires
> a libc upgrade to fix everything, not a libc+ping+ping6+... upgrade.
While true, that goes both ways. It also becomes a potentially more
dangerour system. Sneak things into libc, and you have an even better
chance at perverting things.
I don't want to get into a security discussion here, but I don't really
like the dynamic library things being praised as a security improver.
So let's drop that one, please?
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: email@example.com || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol