On 17/12/12 00:14, Volker Armin Hemmann wrote:
> On Sunday, 16 December 2012, 23:19:46, Nikos Chantziaras wrote:
>> On 15/12/12 12:18, Volker Armin Hemmann wrote:
>>> On Friday, 14 December 2012, 21:34:54, Kevin Chadwick wrote:
>>>> On Fri, 14 Dec 2012 08:53:35 -0800
>>>>
>>>> Mark Knecht <markknecht@×××××.com> wrote:
>>>>> I guess the other question that's lurking here for me is why do you
>>>>> have /usr on a separate partition? [...]
>>>>
>>>> It should be moving in the other direction for stability reasons and
>>>> busybox is no full answer.
>>>>
>>>> On OpenBSD which has the benefit of userland being part of it. All the
>>>> critical single user binaries are in root and built statically as much
>>>> as possible, maximising system reliability no matter the custom
>>>> requirements or packages.
>>>
>>> until a flaw is found in one of the libs used and all those statically
>>> linked binaries are in danger. Well done!
>>
>> I don't see why this would only affect statically linked executables.
>> If a bug is found in a library, all dynamically linked executables are
>> affected as well. When the BSD packagers put out an update for the
>> library, they'll also put updates for the static binaries that use it.
>>
>> I don't see any security issue here.
>
> with dynamically linked libs you can change just the lib, you can even just
> use some LD_PRELOAD workaround.
>
> As you said yourself - with statically linked libs you have to replace half of
> your system.. and until the binaries are ready for distribution you can't even
> work around it.

Or you wait for the update by the vendor of your OS, which is what
people do. Also, the few critical system binaries that are required to
just get a shell and fix the system, are not "half of your system."