On 2024-Apr-02, David E. Wheeler wrote: > That quotation comes from this Debian patch[2] maintained by Christoph > Berg. I’d like to formally propose integrating this patch into the > core. And not only because it’s overhead for package maintainers like > Christoph, but because a number of use cases have emerged since we > originally discussed something like this back in 2013[3]:
I support the idea of there being a second location from where to load shared libraries ... but I don't like the idea of making it runtime-configurable. If we want to continue to tighten up what superuser can do, then one of the things that has to go away is the ability to load shared libraries from arbitrary locations (dynamic_library_path). I think we should instead look at making those locations hardcoded at compile time. The packager can then decide where those things go, and the superuser no longer has the ability to load arbitrary code from arbitrary locations. -- Álvaro Herrera 48°01'N 7°57'E — https://www.EnterpriseDB.com/ Al principio era UNIX, y UNIX habló y dijo: "Hello world\n". No dijo "Hello New Jersey\n", ni "Hello USA\n".