Subject: Re: Dynamically Linked NetBSD-Current
To: Jeff Flowers <jeffrey@jeffreyf.net>
From: Steven M. Bellovin <smb@research.att.com>
List: current-users
Date: 12/11/2002 09:59:41
In message <000701c2a122$6be624c0$6501a8c0@jeffrey>, "Jeff Flowers" writes:
>(Personally, I am looking forward to this for security reasons. I was
>using OpenBSD a long while ago when a security fix effected a library
>that was also found in a number of the system's statically linked
>binaries. A totally dynamic system would have made that an extremely
>easy fix.)
>
Of course, that cuts both ways -- a new security hole in the library
will suddenly affect a large number programs, too, and it makes it
harder to set up chroot'ed partitions.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)