Subject: Re: installing named-xfer static by default
To: Luke Mewburn <lukem@wasabisystems.com>
From: Bill Studenmund <wrstuden@zembu.com>
List: tech-security
Date: 02/09/2001 12:47:53
On Fri, 9 Feb 2001, Luke Mewburn wrote:

> I've been investigating running named in a chrooted environment as a
> non-privileged user, and I've hit a minor issue which will probably
> bite people without source access (or who are unwilling to recompile):
> named-xfer needs to be under the chroot cage, and by default, it's
> compiled dynamically.
> 
> Now, it should be possible to use dynamic binaries in a chroot cage,
> but it is much more work than if named-xfer was statically linked.

Rather than changing the compile options, I think a cleaner long-term fix
would be for us to come up with a tool which will take a program using
shared libs and statically link them in. That way if someone wants to make
a chroot environment w/ static programs, s/he can pick ANY program and put
it there. Also, if there are updates to the shared libs (say bug fixes),
all that the user has to do is get the new lib and then re-use this tool.
Presto, the static program has picked up the change.

While that wouldn't matter much in a source-available environment, it
matters in a binary-only one. :-)

Note: I'm not 100% on how to make said tool, and I'm not against changing
named-xfer given its absence. :-)

Take care,

Bill
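
Added example, not part of the original message or of any NetBSD tool: a check for whether a binary can be dropped into a chroot cage by itself, done by looking for a PT_INTERP program header (a request for a run-time linker) in the ELF image. The function names and the constructed sample images are assumptions made for illustration; a binary that does name an interpreter also needs that file and its shared libraries inside the cage.

```python
import struct

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
# EI_CLASS -> (word format, then offsets of e_phoff, e_phentsize, p_offset, p_filesz)
LAYOUT = {1: ("I", 0x1C, 0x2A, 4, 16), 2: ("Q", 0x20, 0x36, 8, 0x20)}

def elf_linkage(data: bytes) -> dict:
    """Report whether an ELF image asks for a run-time linker (PT_INTERP)."""
    if data[:4] != b"\x7fELF" or data[4] not in LAYOUT or data[5] not in (1, 2):
        raise ValueError("not a recognisable ELF image")
    word, phoff_at, phentsize_at, poff_at, pfilesz_at = LAYOUT[data[4]]
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = LSB, 2 = MSB
    (e_phoff,) = struct.unpack_from(end + word, data, phoff_at)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, phentsize_at)
    interp, has_dynamic = None, False
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, ph)
        if p_type == PT_DYNAMIC:
            has_dynamic = True
        elif p_type == PT_INTERP:
            (off,) = struct.unpack_from(end + word, data, ph + poff_at)
            (size,) = struct.unpack_from(end + word, data, ph + pfilesz_at)
            interp = data[off:off + size].rstrip(b"\0").decode()
    # No PT_INTERP: the kernel runs the image directly, nothing else to copy.
    return {"interp": interp, "has_dynamic": has_dynamic,
            "self_contained": interp is None}

def make_sample(interp: bytes = b"") -> bytes:
    """Constructed 64-bit little-endian ELF: file header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    p_type = PT_INTERP if interp else PT_LOAD
    # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
    ph = struct.pack("<IIQQQQQQ", p_type, 4, 120, 0, 0, len(interp), len(interp), 1)
    return hdr + ph + interp

if __name__ == "__main__":
    samples = {"dynamic (constructed)": make_sample(b"/usr/libexec/ld.elf_so\0"),
               "static (constructed)": make_sample()}
    for name, image in samples.items():
        print(name, elf_linkage(image))
```

To check a real file, pass `open(path, "rb").read()` to `elf_linkage`.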