Date: Wed, 26 Jun 2002 21:55:11 -0700 (PDT)
From: Paul Herman <pherman@frenchfries.net>
To: Roger Marquis <marquis@roble.com>
Cc: security@FreeBSD.ORG
Subject: Re: Legacy Static Linking (was: Security Advisory FreeBSD-SA-02:28.resolv)
Message-ID: <20020626213923.M86130-100000@mammoth.eat.frenchfries.net>
In-Reply-To: <20020626183519.F36946-100000@roble.com>

On Wed, 26 Jun 2002, Roger Marquis wrote:

> Robert Watson wrote:
> >You will catch most applications simply by rebuilding libc and
> >reinstalling. Unfortunately, some applications are statically linked, and
> >they must be individually relinked against the new libc and reinstalled.
>
> This makes a good case for doing away with static linking of system
> binaries.

No, the ease of administration makes a good case for doing away with
static linking, security doesn't.

From a security perspective, there are some disadvantages of dynamic
libraries. Although it's not new to use LD_PRELOAD to a hacker's
advantage, right now I'm thinking of the BUGTRAQ "ssh environment"
article, but there are certainly other applications.

Switching completely to either static OR shared libraries will not
necessarily improve your security. Both have pros and cons.

-Paul.
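
Added example, not part of the original message or of FreeBSD's own tooling: one way to list the statically linked binaries that, per the quoted remark, must be relinked individually after a libc fix. It classifies ELF files by their program headers; the function names and the sample images are constructed for illustration.

```python
import os, struct, sys

ET_EXEC, ET_DYN = 2, 3        # executable / shared object or PIE
PT_DYNAMIC, PT_INTERP = 2, 3  # segments only dynamically linked images carry

def elf_linkage(data):
    """Classify file contents as 'static', 'dynamic', 'other' or 'not-elf'."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "not-elf"
    is64 = data[4] == 2                   # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    if is64 and len(data) < 64:
        return "not-elf"
    if struct.unpack_from(end + "H", data, 16)[0] not in (ET_EXEC, ET_DYN):
        return "other"                    # relocatable object, core file, ...
    phoff = struct.unpack_from(end + ("Q" if is64 else "I"), data, 32 if is64 else 28)[0]
    phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    types = set()
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            break                         # truncated program header table
        types.add(struct.unpack_from(end + "I", data, off)[0])  # p_type comes first
    # Heuristic: a static-PIE image carries PT_DYNAMIC and is reported as dynamic.
    return "dynamic" if types & {PT_DYNAMIC, PT_INTERP} else "static"

def find_static(paths):
    """Return the paths that hold statically linked ELF executables."""
    hits = []
    for path in paths:
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except OSError:
            continue                      # unreadable, directory, vanished
        if elf_linkage(data) == "static":
            hits.append(path)
    return hits

def sample_elf64(p_types):
    """Constructed sample: minimal little-endian ELF64 executable image."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", ET_EXEC, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return ident + hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":                # usage: script.py DIR [DIR ...]
    files = [os.path.join(d, n) for top in sys.argv[1:] for d, _, ns in os.walk(top) for n in ns]
    print("\n".join(find_static(files)))
```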