| 1 |
Am Sonntag, 16. Dezember 2012, 23:19:46 schrieb Nikos Chantziaras: |
| 2 |
> On 15/12/12 12:18, Volker Armin Hemmann wrote: |
| 3 |
> > Am Freitag, 14. Dezember 2012, 21:34:54 schrieb Kevin Chadwick: |
| 4 |
> >> On Fri, 14 Dec 2012 08:53:35 -0800 |
| 5 |
> >> |
| 6 |
> >> Mark Knecht <markknecht@×××××.com> wrote: |
| 7 |
> >>> I guess the other question that's lurking here for me is why do you |
| 8 |
> >>> have /usr on a separate partition? What's the usage model that drives |
| 9 |
> >>> a person to do that? The most I've ever done is move /usr/portage and |
| 10 |
> >>> /usr/src to other places. My /usr never has all that much in it beyond |
| 11 |
> >>> those two directories, along with maybe /usr/share. Would it not be |
| 12 |
> >>> easier for you in the long run to move /usr back to / and not have to |
| 13 |
> >>> deal with this question at all? |
| 14 |
> >> |
| 15 |
> >> It should be moving in the other direction for stability reasons and |
| 16 |
> >> busybox is no full answer. |
| 17 |
> >> |
| 18 |
> >> On OpenBSD which has the benefit of userland being part of it. All the |
| 19 |
> >> critical single user binaries are in root and built statically as much |
| 20 |
> >> as possible, maximising system reliability no matter the custom |
| 21 |
> >> requirements or packages. |
| 22 |
> > |
| 23 |
> > until a flaw is found in one of the libs used and all those statically |
| 24 |
> > linked binaries are in danger. Well done! |
| 25 |
> |
| 26 |
> I don't see why this would only affect statically linked executables. |
| 27 |
> If a bug is found in a library, all dynamically linked executables are |
| 28 |
> affected as well. When the BSD packagers put out an update for the |
| 29 |
> library, they'll also put updates for the static binaries that use it. |
| 30 |
> |
| 31 |
> I don't see any security issue here. |
| 32 |
|
| 33 |
with dynamically linked libs you can change just the lib, you can even just |
| 34 |
use some LD_PRELOAD workaround. |
| 35 |
|
| 36 |
As you said yourself - with statically linked libs you have to replace half of |
| 37 |
your system.. and until the binaries are ready for distribution you can't even |
| 38 |
work around it. |
| 39 |
|
| 40 |
-- |
| 41 |
#163933 |
Archives