Unfortunate dynamic linking for everything
E.B. Dreger
eddy+public+spam at noc.everquick.net
Wed Nov 19 13:16:56 PST 2003
SL> Date: Tue, 18 Nov 2003 17:06:06 -0700 (MST)
SL> From: Scott Long
SL> 3. Binary security updates: there is a lot of interest in providing a
SL> binary update mechanism for doing security updates. Having a dynamic
SL> root means that vulnerable libraries can be updated without having to
SL> update all of the static binaries that might use them.
Although this doesn't help the upgrade process, what if one
symbol (such as function name + CVS tag) were exported per
function? One could check for a vulnerability by strings | grep
funcname | inspect CVS tag. A more elegant approach would be to
store such versioning in another segment and have a tool that
understands the data, a la debugger symbols.
On a different note:
+ Some of us have had a few bad experiences with glibc (granted,
it's glibc) upgrades when the shell, cp, ls, et cetera are
dynamically linked.
+ I put the shell of choice and all of SSH's guts on the root
partition... if /usr gets clobbered, I still want to be able
to boot and log in remotely. If / gets clobbered, I have
bigger problems. :-)
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist at brics.com -or- alfra at intc.net -or- curbjmp at intc.net
Sending mail to spambait addresses is a great way to get blocked.
More information about the freebsd-current
mailing list