[ On Tuesday, March 20, 2001 at 12:55:22 (+1100), Damien Miller wrote: ]
> Subject: Re: getting shared dynamic libraries
>
> That is just silly - if someone is in a position to play games with you
> system libraries then they can do a lot more damage than that.
That's not always true (witness LD_LIBRARY_PATH and the atrocities
attributed to its misuse).
> Since libc is almost always a dynamic lib, then it makes little sense
> to statically link against other things.
That's bull. Libc is not always a dynamic library, and it often makes
lots of sense to statically link sensitive binaries (be they sensitive
in the generic security sense, or only in the sense that they have to be
highly available and reliable).
> You may want to statically link against OpenSSL if you plan on upgrading
> it. All OpenSSL releases to date have broken binary compatability.
If you staticly link ssh or sshd then presumably you statically link the
entire binary, not just with a few of the dependent libraries.....
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
