Hi, On Sat, Sep 11, 2021 at 04:17:33PM +0200, Marc Haber wrote: > aide is traditionally linked statically to protect itself against > trojaned / doctored libraries that might affect the authenticity of the > database and the check results. On Linux, this has not been fully > effective for years since some dynamicity remains, especially regarding > NSS. > > During Debian's last glibc transition, this has led to reproducible and > unconditional segfaults once aide uses a nss call, which happens via > libacl when a file possessing an ACL is processed during check.
The issue tracker also lists several issues related to static linking[issues]. I have now changed the default from static to dynamic linking[commit]. Advanced users (who know how to deal with the issues) can still re-enable static linking as needed. Best regards Hannes [issues] https://github.com/aide/aide/issues?q=label%3A%22static+linking%22+ [commit] https://github.com/aide/aide/commit/285e791c0d7c70e3f5e72824562dd27be781c2d6 _______________________________________________ Aide mailing list [email protected] https://www.ipi.fi/mailman/listinfo/aide
