Re: Policy re. static linking of binaries ? (SSH)
> Hi,
>
> SSH is currently dynamically linked against libc5, gmp, and zlib1.
>
> IMHO it should be statically linked, since it is a security program, and
> might otherwise have its security affected by the replacement of one of
> these libraries --- what do others think ?
Well, library replacements are usually bug _fixes_! So, upon upgrading
your libc to a new version, you'll instantly fix the bugs in sshd
_if_ it's dynamically linked. What gain is there in linking it static?
Only to ensure the bugs live longer in sshd!
(It's only sshd you are interested in: ssh (the user programme) gets
executed by the user, and any user can build a ssh version with any
shared/static libc version he likes anyway, wheter debian includes a
shared or static ssh).
--
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: