------------ Forwarded Message ------------
Date: Friday, July 18, 2003 23:43:55 -0700
From: Kean Johnston <[EMAIL PROTECTED]>
To: Larry Rosenman <[EMAIL PROTECTED]>
Cc:
Subject: Re: PG Patch

Larry Rosenman wrote:
I got a question from the PG Core Team (Bruce Momjian) about the rpathdir portion of your patch.
Why can't it use libdir? Or can we wrap it in .if (port,=,sco) type stuff?
Sorry I forgot to answer that portion of the question. The only place that used RPATHDIR *is* wrapped up in if port=sco. But why not use just libdir? Well the rule for making shared libraries is shared across multiple makefiles. Although I only set it for the main interface libraries, I had originally set it for all the dynamically loadable modules too, and for those, libdir isn't what you want, you want datadir or whatever it's called (I'm too lazy to go look now). So I needed a variable the lower level makefiles could specify that gets used in the top level makefile.
Why do this at all? Security. Having shared libraries without full SONAMEs is a big security risk. There have been any number of huge exploits based around this. Point me at any Solaris machine <= 2.7, or any OSR5 system < 507 or any FreeBSD system <= 4.0 and I can get root with 1 tiny program that's on all of them: xterm. It has long upset me, and I am done trying to convince them, but libtool encourages the worst possible .so practices, and many programs seem to have picked up those equally bad practices. There is no need for futzing with ld.conf and the like if people take the time to construct shared libraries properly. Yes it can be a pain to bootstrap but the reward is very well worth the effort it takes.
Suffice it to say that I believe that *EVERY* .so should have an absolute SONAME. There are still a few I need to clean up in 507 but most of them are correct. If you're not on the up-and-up with DT_RUNPATH, DT_RPATH and SONAME ELF headers I suggest for light reading that you peruse the gABI.
---------- End Forwarded Message ----------
-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
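
An audit for the policy argued in the forwarded message, as an added example that is not part of the original mail or of the PostgreSQL patch: it reads the text printed by GNU `readelf -d` for a shared object and reports a SONAME that is not an absolute path, plus any DT_RPATH/DT_RUNPATH entry that is empty or relative. The sample output, library name and paths are constructed, and the function name `audit_dynamic` is hypothetical.

```python
import re

# Matches the SONAME/RPATH/RUNPATH lines of `readelf -d` output, for example:
#  0x000000000000000e (SONAME)   Library soname: [libexample.so.1]
DYN_RE = re.compile(r"\((SONAME|RPATH|RUNPATH)\)\s+Library \w+: \[(.*)\]")

# Constructed sample output (not taken from any real system).
SAMPLE_BAD = """\
Dynamic section at offset 0x2e10 contains 3 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libexample.so.1]
 0x000000000000000f (RPATH)              Library rpath: [/opt/example/lib::lib]
"""
SAMPLE_GOOD = """\
 0x000000000000000e (SONAME)             Library soname: [/opt/example/lib/libexample.so.1]
 0x000000000000001d (RUNPATH)            Library runpath: [/opt/example/lib]
"""

def audit_dynamic(readelf_output):
    """Return (tag, value, problem) findings for one shared object."""
    findings = []
    seen_soname = False
    for line in readelf_output.splitlines():
        m = DYN_RE.search(line)
        if not m:
            continue
        tag, value = m.groups()
        if tag == "SONAME":
            seen_soname = True
            if not value.startswith("/"):
                findings.append((tag, value, "SONAME is not an absolute path"))
            continue
        # DT_RPATH / DT_RUNPATH hold a colon-separated directory list. An empty
        # or relative entry is resolved against the current working directory.
        for entry in value.split(":"):
            if entry == "":
                findings.append((tag, value, "empty entry"))
            elif not entry.startswith(("/", "$ORIGIN", "${ORIGIN}")):
                findings.append((tag, value, "relative entry: " + entry))
    if not seen_soname:
        findings.append(("SONAME", "", "no SONAME recorded"))
    return findings

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        for tag, value, problem in audit_dynamic(text):
            print(f"{name}: {tag} [{value}]: {problem}")
```

To check a real library, pass the captured text of `readelf -d` on that file to `audit_dynamic`.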