Subject: Re: Static Linking
To: NetBSD User's Discussion List <netbsd-users@NetBSD.ORG>
From: Greg A. Woods <email@example.com>
Date: 01/21/2003 16:15:40
[ On Tuesday, January 21, 2003 at 11:44:58 (+0900), Curt Sampson wrote: ]
> Subject: Static Linking
> On Mon, 20 Jan 2003, Greg A. Woods wrote:
> > It is in fact the dynamic nature of PAM which is one of its biggest
> > drawbacks, security-wise. I static-link all of my security sensitive
> > programs.
> Well, in fact, for security reasons I'm very happy NetBSD has moved
> (in post-1.6) to a completely dynamically linked system. In the past
> year I've been through two upgrades of every statically linked program
> on several dozen systems due to security holes in libraries. Having to
> upgrade only /lib/libc.so or whatever from now on is going to be soooo
> much nicer....
I think you're looking at security from the wrong direction and you're
not assessing the risks for each approach fairly.
It's really not any harder to upgrade all binaries in a system as small
as NetBSD than it is to upgrade one or a few.
In fact I find it much harder, at least with the C-code base we have, to
ensure that a new library version won't screw up more than it fixes.
With static linking I'm more certain (obviously not 100% -- this is C)
that once I've re-compiled and produced static binaries they're more
likely to still work properly.
Greg A. Woods
+1 416 218-0098; <firstname.lastname@example.org>; <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; VE3TCP; Secrets of the Weird <email@example.com>