Re: libnss-db and /usr/lib/* libraries
On Thu, 11 Aug 2005, Piotr Roszatycki wrote:
> Hi. The problem is important not only for libnss-db package but also for
> libnss-ldap, libnss-mysql and others.
> $ ldd /usr/lib/libnss_db.so.2 | grep /usr
> libdb-4.3.so => /usr/lib/libdb-4.3.so (0xb7e10000)
Well, IMHO anything used by libnss needs to either be statically linked (and
make 200% sure that:
1. you *WILL* update next-day it if security fixes or other major updates
to any of the statically linked libraries are released -- this is a
2. any dynamic libraries needed are in /lib, and *all* of them use
3. all of the nss module AND static AND dynamic libs are thread-safe AND
Otherwise you have a critical bug in the system, waiting to happen.
If you can't get all of the above to be true, it is time to remove that
particular libnss module from Debian.
libnss modules are *extremely* critical to the system. They are implicitly
linked to *EVERY* running binnary that is linked against libc (instead of,
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot