Subject: Re: HEADS UP: migration to fully dynamic linked "base" system
To: NetBSD-current Discussion List <current-users@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 08/27/2002 23:26:30
[ On Tuesday, August 27, 2002 at 10:44:45 (-0400), Bill Sommerfeld wrote: ]
> Subject: Re: HEADS UP: migration to fully dynamic linked "base" system
>
> This change *reduces* complexity; instead of having half the system
> statically linked and half dynamic, everything is dynamic.
Hmmmm... I don't think that holds water.... especially not with /rescue
still in the mix on your supposedly "everything is dynamic" system. :-)
> If a security patch for libc is released, you need only update libc
> and /rescue; you need not run in circles rebuilding all the statically
> linked binaries in /bin and /sbin and wherever else they might be
> hiding.
Well, it's not really /bin and /sbin which are the problem now is it
(unless you happen to be the guy stuck rebuilding them for the patch
kit).
The issue is of course all the other stuff someone might have installed
on their system -- stuff that the person preparing OS patches cannot be
expected to re-link, even if they do have access to all the sources.
Yes, this is a big issue for some folks.
(It's not a big issue for me -- I'm the guy who ends up rebuilding both
my system binaries and my applications when important fixes to things
like libc are necessary on production systems. I don't mind though.
Really.)
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>