On Sunday, 16 December 2012, 23:19:46, Nikos Chantziaras wrote:
> On 15/12/12 12:18, Volker Armin Hemmann wrote:
> > On Friday, 14 December 2012, 21:34:54, Kevin Chadwick wrote:
> >> On Fri, 14 Dec 2012 08:53:35 -0800
> >>
> >> Mark Knecht <markknecht@×××××.com> wrote:
> >>> I guess the other question that's lurking here for me is why do you
> >>> have /usr on a separate partition? What's the usage model that drives
> >>> a person to do that? The most I've ever done is move /usr/portage and
> >>> /usr/src to other places. My /usr never has all that much in it beyond
> >>> those two directories, along with maybe /usr/share. Would it not be
> >>> easier for you in the long run to move /usr back to / and not have to
> >>> deal with this question at all?
> >>
> >> It should be moving in the other direction for stability reasons and
> >> busybox is no full answer.
> >>
> >> On OpenBSD which has the benefit of userland being part of it. All the
> >> critical single user binaries are in root and built statically as much
> >> as possible, maximising system reliability no matter the custom
> >> requirements or packages.
> >
> > Until a flaw is found in one of the libs used and all those statically
> > linked binaries are in danger. Well done!
>
> I don't see why this would only affect statically linked executables.
> If a bug is found in a library, all dynamically linked executables are
> affected as well. When the BSD packagers put out an update for the
> library, they'll also put updates for the static binaries that use it.
>
> I don't see any security issue here.

With dynamically linked libs you can change just the lib, you can even just
use some LD_PRELOAD workaround.

As you said yourself - with statically linked libs you have to replace half of
your system.. and until the binaries are ready for distribution you can't even
work around it.

--
#163933
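
Added example, not part of the original message: a small inventory check for the distinction argued above, telling binaries that pick up a fixed shared library at run time (PT_INTERP present) from fully static ones that have to be rebuilt and redistributed. The function names and the sample images are constructed for illustration.

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3  # program header types from the ELF specification

def classify_elf(data: bytes) -> str:
    """Classify an ELF image by its program headers."""
    if len(data) < 16 or data[:4] != b"\x7fELF" or data[4] not in (1, 2):
        return "not-elf"
    end = "<" if data[5] == 1 else ">"            # EI_DATA: 1 = little endian
    try:
        if data[4] == 2:                          # EI_CLASS 2 = ELF64
            (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        else:                                     # EI_CLASS 1 = ELF32
            (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        types = {struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
                 for i in range(e_phnum)}
    except struct.error:                          # truncated or corrupt file
        return "not-elf"
    if PT_INTERP in types:
        return "dynamic"      # libs resolved at run time: replacing the .so fixes it
    if PT_DYNAMIC in types:
        return "static-pie-or-shared-object"      # ambiguous: review by hand
    return "static"           # library code is baked in: needs a rebuilt binary

def needs_rebuild(images: dict) -> list:
    """Names of fully static images; a shared-library update alone does not fix these."""
    return sorted(n for n, d in images.items() if classify_elf(d) == "static")

def sample_elf64(ptypes) -> bytes:
    """Constructed minimal ELF64 little-endian image (headers only, not runnable)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56,
                      len(ptypes), 0, 0, 0)
    return ident + hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

if __name__ == "__main__":
    import sys
    images = {}
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            images[path] = fh.read(1 << 16)       # program headers sit near the start
    for name in needs_rebuild(images):
        print(name)
```

Run it over the files in /bin and /sbin after a library advisory to list the binaries that need a rebuilt package rather than only the updated library.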