shared libraries [ was: Re: Fwd: Re: zlib-1.1.4 out - security fix ]
spyro at armlinux.org
Thu Mar 14 15:21:53 PST 2002
On a sunny Thu, 14 Mar 2002 22:51:04 +0100 Matthias Benkmann gathered a
sheaf of electrons and etched in their motions the following immortal
> Even though it's horribly off topic for lfs-security, I'd like to shed
> some light on the shared libz debate here. Before you stop reading: I
> actually did measurements, so the following is not just theory.
> But let's start with the theory:
> 1. shared libraries come with a speed penalty
> a) the dynamic linker/loader needs to be executed
> If it's not in the disk cache this usually requires a seek to a different
> part of the hard disk. Even if it's in cache, preparing the process space
> for it to run takes some time.
True, but it's not a huge penalty and it's a once-off.
> c) during program execution, the necessary code portions from the shared
> lib need to be mmap'ed into the program's process space.
Same applies to static binaries. Linux uses demand loading...
> Unless the
> required parts of the shared library are in memory already, they need to
> be read from disk when the program first accesses them.
Here is where we win with shlibs, though. They are likely to already be
loaded by something else. libc, gtk, et al, especially.
> 3. statically linked binaries often don't come with a speed penalty
> A statically linked binary is larger than a dynamically linked one, so
> you could be tempted to think that when the binary is loaded, more stuff
> has to be loaded from disk, resulting in slower startup. This is not
> true. Linux uses demand-loading, it doesn't load a page until it is
This can involve a LOT of seeking, though.
> Let's summarize:
> Statically linked programs need less processing at startup and fewer disk
> seeks and loads at startup, so they start up faster.
A /little/ less processing, and I don't think the seek penalty is going to
be vastly lower.
I agree with your comments in general, but I think zlib is perhaps a bit on
the small side to be used as an example. Of course, there is no 'proper'
example, as you say.
Take Libc for example - if that is statically linked, you can get a MASSIVE