Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 Sep 2004 10:38:23 +0200
From:      Matthias Andree <ma@dt.e-technik.uni-dortmund.de>
To:        Ruslan Ermilov <ru@FreeBSD.org>
Cc:        Matthias Andree <matthias.andree@web.de>
Subject:   Re: bin/72138: libc.so.5 isn't installed in a safe way
Message-ID:  <m31xgmzt34.fsf@merlin.emma.line.org>
In-Reply-To: <20040928071758.GB14942@ip.net.ua> (Ruslan Ermilov's message of "Tue, 28 Sep 2004 10:17:58 %2B0300")
References:  <20040927224353.845381B217@merlin.emma.line.org> <20040928043351.GA2400@frontfree.net> <20040928071758.GB14942@ip.net.ua>

next in thread | previous in thread | raw e-mail | index | archive | help
Ruslan Ermilov <ru@FreeBSD.org> writes:

> On Tue, Sep 28, 2004 at 12:33:51PM +0800, Xin LI wrote:
>> (-CURRENT is cc'ed for a boarder review)
>> 
>> I fell like this idea, and here is the patch for review:
>> 
>> Index: Makefile
>> ===================================================================
>> RCS file: /r/ncvs/src/lib/libc/Makefile,v
>> retrieving revision 1.52
>> diff -u -r1.52 Makefile
>> --- Makefile	14 May 2004 12:04:29 -0000	1.52
>> +++ Makefile	28 Sep 2004 04:30:26 -0000
>> @@ -16,6 +16,7 @@
>>  CFLAGS+=-I${.CURDIR}/include -I${.CURDIR}/../../include
>>  CFLAGS+=-I${.CURDIR}/${MACHINE_ARCH}
>>  CLEANFILES+=tags
>> +SHLINSTALLFLAGS+=	-S
>>  INSTALL_PIC_ARCHIVE=	yes
>>  PRECIOUSLIB=	yes
>>  
> I like the idea so much, that I suggest this instead:
>
> %%%
> Index: bsd.lib.mk
> ===================================================================
> RCS file: /home/ncvs/src/share/mk/bsd.lib.mk,v
> retrieving revision 1.160
> diff -u -r1.160 bsd.lib.mk
> --- bsd.lib.mk	7 May 2004 09:58:36 -0000	1.160
> +++ bsd.lib.mk	28 Sep 2004 07:13:18 -0000
> @@ -187,9 +187,12 @@
>  
>  .if !target(install)
>  
> -.if defined(PRECIOUSLIB) && !defined(NOFSCHG)
> +.if defined(PRECIOUSLIB)
> +.if !defined(NOFSCHG)
>  SHLINSTALLFLAGS+= -fschg
>  .endif
> +SHLINSTALLFLAGS+= -S
> +.endif
>  
>  _INSTALLFLAGS:=	${INSTALLFLAGS}
>  .for ie in ${INSTALLFLAGS_EDIT}
> %%%

I must say that although Xin's patch will certainly work well to address
my original PR, I like Ruslan's idea better, because it appears to work
for all precious libraries, not just libc. But there is more "precious"
stuff, /bin, /sbin, /boot (including kernel), /rescue (I was glad I had
the latter, otherwise my system would have been dead.)

Using -S for the whole system might be a bit slow without softupdates
(or async, which I do not favor) but would not be a bad idea from a
robustness point of view which I personally prefer.

-- 
Matthias Andree

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m31xgmzt34.fsf>