Subject: re: static linking for NetBSD
To: Michael Richardson <>
From: matthew green <>
List: tech-security
Date: 09/16/2003 17:50:14
     I'll tell you why I don't like dynamic linking, particularly for critical
   system components: file and system management.
     Do you know how many times I've had to rescue RedHat systems when the
   (DUE TO SECURITY VULNERABILITY!) to the shared libraries left the system
   in a state where the PAM (YES!) was broken and nobody could log in? Or worse,
   you can even type "ln" because /lib/ is incompatible with
     Linux is rapidly approaching Windows-Style DLL bit-rot.
     I find it much easier to do:
          % /sbin/md5sum /sbin/login 
     and compare that value to a known to be good (non-trojan'ed) /sbin/login,
   knowing that since it doesn't load anything, it can't be trojan'ed by libc
   or ld screwing. I just find static linked binaries easier to cope with,
   easier to upgrade, and easier to verify.

did you ever wonder why luke went to the trouble of creating /rescue?
netbsd systems are EASIER to recover from critical system failure now
because of /rescue than ever before, regardless of static vs. dynamic
/bin and /sbin.

netbsd != linux.
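
Added example, not part of the original message and not NetBSD code: a sketch of the check the quoted text describes, reporting whether a matching digest of a binary covers everything it runs at startup. It uses SHA-256 in place of the `md5sum` in the quoted command; the function names, verdict strings and the sample ELF images are constructed for illustration.

```python
import hashlib
import struct

PT_LOAD, PT_INTERP = 1, 3

def elf_interp(data: bytes):
    """Return the PT_INTERP path (the run-time linker) or None if absent."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if data[5] == 1 else ">"         # EI_DATA: 1 = little-endian
    w = "Q" if is64 else "I"                 # width of offset/size fields
    phoff, = struct.unpack_from(e + w, data, 0x20 if is64 else 0x1C)
    phentsize, phnum = struct.unpack_from(e + "HH", data, 0x36 if is64 else 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type, = struct.unpack_from(e + "I", data, off)
        if p_type == PT_INTERP:
            p_offset, = struct.unpack_from(e + w, data, off + (8 if is64 else 4))
            p_filesz, = struct.unpack_from(e + w, data, off + (32 if is64 else 16))
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None

def verify(data: bytes, known_good_sha256: str) -> str:
    """Compare against a known-good digest and say what the match proves."""
    if hashlib.sha256(data).hexdigest() != known_good_sha256:
        return "MISMATCH"
    interp = elf_interp(data)
    if interp is None:
        # No PT_INTERP: the kernel starts the image without a run-time linker.
        return "OK-COMPLETE"
    # The digest says nothing about the linker or the libraries it will load.
    return "OK-PARTIAL: also verify " + interp + " and its shared libraries"

def sample_elf(interp: bytes = b"") -> bytes:
    """Constructed 64-bit little-endian ELF image with one program header."""
    blob = interp + b"\0"
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP if interp else PT_LOAD,
                       4, 120, 0, 0, len(blob), len(blob), 1)
    return ehdr + phdr + blob

if __name__ == "__main__":
    # Constructed inputs: one static image, one naming a run-time linker.
    for img in (sample_elf(), sample_elf(b"/usr/libexec/ld.elf_so")):
        print(verify(img, hashlib.sha256(img).hexdigest()))
```

For a real check, read the file's bytes and pass a digest recorded from trusted media; an `OK-PARTIAL` result means the same comparison has to be repeated for the linker and every library it resolves.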