Re: Policy re. static linking of binaries ? (SSH)

To: debian-devel@lists.debian.org
Subject: Re: Policy re. static linking of binaries ? (SSH)
From: Erik Andersen <andersen@inconnect.com>
Date: Fri, 11 Jul 1997 09:36:31 -0600 (MDT)
Message-id: <[🔎] Pine.SOL.3.95q.970711093510.29436F-100000@ultra1>

---------- Forwarded message ----------
Wouldn't it be a good thing to have fsck and a few other system critical
binaries staticly linked?  I know when my file system is messed up
and broken, the last thing I am going to want is to have fsck NOT
work because it cant link with some library.  I remember when I tried
to downgrade my ldso package, and it trashed my /etc/ldso.conf file
and then NOTHING would work at all, except statically linked stuff.
That was a very bad thing.
 
 -Erik

--
Erik B. Andersen   Web:    http://www.inconnect.com/~andersen/ 
                   email:  andersee@debian.org
--This message was written using 73% post-consumer electrons--


On Fri, 11 Jul 1997, joost witteveen wrote:

> > Hi,
> > 
> > SSH is currently dynamically linked against libc5, gmp, and zlib1.
> > 
> > IMHO it should be statically linked, since it is a security program, and 
> > might  otherwise have its security affected by the replacement of one of
> > these libraries --- what do others think ?
> 
> Well, library replacements are usually bug _fixes_! So, upon upgrading
> your libc to a new version, you'll instantly fix the bugs in sshd
> _if_ it's dynamically linked. What gain is there in linking it static?
> Only to ensure the bugs live longer in sshd!
> 
> (It's only sshd you are interested in: ssh (the user programme) gets
> executed by the user, and any user can build a ssh version with any
> shared/static libc version he likes anyway, wheter debian includes a 
> shared or static ssh).
> 
> 
> -- 
> joost witteveen, joostje@debian.org
> #!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
> $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
> lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
> #what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
> 
> 
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-devel-request@lists.debian.org . 
> Trouble?  e-mail to templin@bucknell.edu .
> 
> 



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Prev by Date: Re: compiling twin
Next by Date: Prospective doc packages: SGML - Perl5
Previous by thread: Re: Policy re. static linking of binaries ? (SSH)
Next by thread: Re: Policy re. static linking of binaries ? (SSH)
Index(es):
- Date
- Thread