bet at rahul.net
Wed Jan 7 09:05:09 PST 2004
2004-01-07T11:20:22 Robert Connolly:
> What do you guys think about building some bins
> static. Specificly ping, su, passwd, /bin/false. Is there any
> reasons these are more secure dynamicly linked?
I think there are two security issues in the neighborhood of static
-vs- dynamic linking.
Historically, there have been some glitches with handling things
like LD_LIBRARY_PATH and LD_PRELOAD, in the face of suid
executables. Those have as far as I know all been fixed, long ago,
but even so if someone can control the envars in which a
differently-privileged process runs a dynamically linked executable
they can exploit these. So good practice requires that you prevent
users from being able to influence LD_* envars across privilege
boundaries. Not a big deal, not at all.
If a library itself has a bug, deploying the fixed version of the
shared lib fixes all dynamically-linked executables as starting with
their next invocation (i.e. persistent daemons may need restarting);
with static linking, you have to rebuild and reinstall everything
that depends on the lib. Strong software packaging can help bring
this cost down, but it's still there.
I think other, non-security-specific issues are stronger drivers in
the dynamic -vs- static linking debate.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the hlfs-dev