Date: Thu, 27 Mar 2003 05:46:16 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: security at FreeBSD <freebsd-security@freebsd.org> Subject: Re: what actually uses xdr_mem.c? Message-ID: <20030327114616.GE98283@madman.celabo.org> In-Reply-To: <20030326234503.A21679@sheol.localdomain> References: <Pine.LNX.4.43.0303252144400.21019-100000@pilchuck.reedmedia.net> <20030326061041.A17052@sheol.localdomain> <20030326071637.A17385@sheol.localdomain> <3E81AF6C.3060705@arnes.si> <20030327160638.J1404@gamplex.bde.org> <20030326234503.A21679@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 26, 2003 at 11:45:04PM -0600, D J Hawkey Jr wrote: > OK, I now have to take this a little off-topic, and ask the following: > > Given that it's improbable, if not nearly impossible, to discover what > statically-linked binaries may be involved with any vulnerability, isn't > it reasonable to ask if the benefits of statically-linked binaries aren't > outweighed by the [security] drawbacks? > > Granted, a "no static binaries" policy wouldn't cover things outside of > any given distribution, but at that point, the vendor is absolved. IMHO making security updates for a completely-dynamically-linked system would be easier. However, it's not a panacea and there are reasons one might still want static binaries. This is not a given: > Given that it's improbable, if not nearly impossible, to discover > what statically-linked binaries may be involved with any > vulnerability, The way to determine it is to run `make release' without the fix, then `make release' with the fix, and intelligently compare the results. It is hard, not `nearly impossible'. > Should this move on over to freebsd-hackers@ ? I think it should stop here :-) We don't need another static-vs-dynamic thread right now (e.g. yet another one finally finished on freebsd-arch yesterday). Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030327114616.GE98283>