[linux-elitists] distributing software securely (was: DJB ruckus du jour)

john spurling synec@nakedlunch.org
Thu Nov 14 07:55:18 PST 2002


On Wed, Nov 13, 2002 at 04:53:35PM -0800, Wayne Earl wrote:
> On Wed, Nov 13, 2002 at 04:37:16PM -0800 or thereabouts, Nick Moffitt wrote:
> > 	So are you saying that he doesn't use libc or the gcc ELF init
> > code?  Does he use the L7 call gate manually and write his own printf?
> 
> No. But compare this:
> 
> [foo@yellow bin]$ ldd dnscache
>         libc.so.6 => /lib/libc.so.6 (0x40019000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
> 
> with this:
> 
> [foo@yellow sbin]# ldd named
>         liblwres.so.1 => /usr/lib/liblwres.so.1 (0x40026000)
>         libdns.so.5 => /usr/lib/libdns.so.5 (0x40034000)
>         libcrypto.so.2 => /lib/libcrypto.so.2 (0x4011e000)
>         libisccfg.so.0 => /usr/lib/libisccfg.so.0 (0x401e4000)
>         libisccc.so.0 => /usr/lib/libisccc.so.0 (0x401f3000)
>         libisc.so.4 => /usr/lib/libisc.so.4 (0x401fb000)
>         libnsl.so.1 => /lib/libnsl.so.1 (0x4022c000)
>         libpthread.so.0 => /lib/libpthread.so.0 (0x40243000)
>         libc.so.6 => /lib/libc.so.6 (0x4025a000)
>         libdl.so.2 => /lib/libdl.so.2 (0x40390000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
> 
> And draw your own conclusions about external dependencies and the
> minimization of risk.

djb did not invent static linking. behold:

[download and untar bind]
./configure --enable-static && make
ldd bin/named/named
        libnsl.so.1 => /lib/libnsl.so.1 (0x4001d000)
        libc.so.6 => /lib/i686/libc.so.6 (0x40033000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

and if i rebuild libnsl statically, that dependency can be removed,
too.


-- 
"a still tongue makes a happy life."
		--the prisoner
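
Added example, not part of the original message or of either project's code: a Python sketch that parses the three ldd listings quoted in this thread and works out which shared objects each named build loads beyond the libc and loader pair that dnscache needs. The function names and the BASELINE set are this example's own choices.

```python
import re
# ldd listings copied from the messages above.
DNSCACHE = """
        libc.so.6 => /lib/libc.so.6 (0x40019000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
"""
NAMED_SHARED = """
        liblwres.so.1 => /usr/lib/liblwres.so.1 (0x40026000)
        libdns.so.5 => /usr/lib/libdns.so.5 (0x40034000)
        libcrypto.so.2 => /lib/libcrypto.so.2 (0x4011e000)
        libisccfg.so.0 => /usr/lib/libisccfg.so.0 (0x401e4000)
        libisccc.so.0 => /usr/lib/libisccc.so.0 (0x401f3000)
        libisc.so.4 => /usr/lib/libisc.so.4 (0x401fb000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4022c000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x40243000)
        libc.so.6 => /lib/libc.so.6 (0x4025a000)
        libdl.so.2 => /lib/libdl.so.2 (0x40390000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
"""
NAMED_STATIC = """
        libnsl.so.1 => /lib/libnsl.so.1 (0x4001d000)
        libc.so.6 => /lib/i686/libc.so.6 (0x40033000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
"""

def parse_ldd(text):
    """Map each soname in ldd output to the path it resolved to."""
    deps = {}
    for line in text.splitlines():
        # Drop the load address: it is not part of the dependency itself.
        line = re.sub(r"\s+\(0x[0-9a-fA-F]+\)\s*$", "", line).strip()
        if not line or "dynamic executable" in line or "statically linked" in line:
            continue
        name, _, target = line.partition(" => ")
        deps[name.rsplit("/", 1)[-1]] = target.strip() or name
    return deps

# Baseline (this example's assumption): what dnscache loads, libc plus the loader.
BASELINE = set(parse_ldd(DNSCACHE))
def extra_deps(text):
    """Shared objects loaded beyond the libc + loader baseline."""
    return sorted(set(parse_ldd(text)) - BASELINE)

def removed_by_static():
    """Sonames the --enable-static build no longer loads at run time."""
    return sorted(set(parse_ldd(NAMED_SHARED)) - set(parse_ldd(NAMED_STATIC)))

if __name__ == "__main__":
    print(extra_deps(NAMED_SHARED), extra_deps(NAMED_STATIC), removed_by_static())
```

ldd can end up running code from the file it inspects, so for a binary you do not trust, read the NEEDED entries with objdump -p or readelf -d instead; those show direct dependencies only. A library that disappears from the ldd list under static linking is still in the binary, and a fix to it then needs a rebuild of named rather than a library upgrade.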


