Sorry Theo, but this is not really inherent to what I wrote... I'm not
arguing why those utilities are now dynamically linked (I'm sure they
are for a reason), but just reporting a misalignment between hier(7) man
page and the actual directory contents.
Cheers
On 14/11/2021 08:30, Theo de Raadt wrote:
Hey you have the source code, and could have figured this out in a few
minutes.
iked/Makefile:
revision 1.14
date: 2015/10/22 15:14:27; author: reyk; state: Exp; lines: +4 -1;
commitid: H3YSN6oyqntUT6Jo;
Stop linking iked -static: It was inherited from isakmpd that is
-static for NFS-over-IPsec that might mount the libraries after /usr.
The benefit of linking iked dynamic outweighs the historic reason, eg.
to get full address space randomization and to benefit from libcrypto
updates, so we turn it into a dynamic binary.
OK deraadt@ naddy@
Alessandro De Laurenzis <[email protected]> wrote:
Greeting,
From hier(7):
/sbin/ System programs and administration utilities fundamental to
both single and multi-user environments. These programs are
statically compiled and therefore do not depend on any system
libraries to run.
I see 2 exceptions here:
$ ldd /sbin/iked
/sbin/iked:
Start End Type Open Ref GrpRef Name
00000d960eed3000 00000d960ef5a000 exe 1 0 0 /sbin/iked
00000d98291ee000 00000d9829203000 rlib 0 1 0 /usr/lib/libutil.so.16.0
00000d98bc5a4000 00000d98bc5b5000 rlib 0 1 0 /usr/lib/libevent.so.4.1
00000d983e55f000 00000d983e7a1000 rlib 0 1 0 /usr/lib/libcrypto.so.48.0
00000d987a11c000 00000d987a20e000 rlib 0 1 0 /usr/lib/libc.so.96.1
00000d9827c28000 00000d9827c28000 ld.so 0 1 0 /usr/libexec/ld.so
and
$ ldd /sbin/isakmpd
/sbin/isakmpd:
Start End Type Open Ref GrpRef Name
00000bccefef1000 00000bcceff67000 exe 1 0 0 /sbin/isakmpd
00000bcf436b5000 00000bcf438f7000 rlib 0 1 0 /usr/lib/libcrypto.so.48.0
00000bcfa4819000 00000bcfa4849000 rlib 0 1 0 /usr/lib/libm.so.10.1
00000bcfb729f000 00000bcfb7391000 rlib 0 1 0 /usr/lib/libc.so.96.1
00000bcf00856000 00000bcf00856000 ld.so 0 1 0 /usr/libexec/ld.so
Should they be moved to /usr/sbin? Or should the man page be amended?
Maybe something like this?
--- hier.7.orig Thu Feb 6 06:40:02 2020
+++ hier.7 Sun Nov 14 06:43:38 2021
@@ -165,8 +165,8 @@
.It /sbin/
System programs and administration utilities
fundamental to both single and multi-user environments.
-These programs are statically compiled and therefore do not depend on any
-system libraries to run.
+Most of these programs are statically compiled and therefore do not depend
+on any system libraries to run.
.It /tmp/
Temporary files that are
.Em not
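Review bot: "Most of these programs" on the changed line of the /sbin/ entry leaves a reader unable to tell which binaries no longer meet the static guarantee; the two reported in this message, /sbin/iked and /sbin/isakmpd, both load libraries from /usr/lib through /usr/libexec/ld.so. Naming the dynamically linked exceptions, or adding a sentence that they need /usr/lib available to start, would keep the statement checkable and tell an administrator which tools cannot be relied on when only the root filesystem is usable.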
--
Alessandro De Laurenzis
[mailto:[email protected]]
Web: http://www.atlantide.mooo.com
LinkedIn: http://it.linkedin.com/in/delaurenzis
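The ldd check from the thread can be run over a whole directory by reading each file's ELF program headers and looking for a PT_INTERP entry, which names the run-time linker (/usr/libexec/ld.so in the output above). This is an added example, not part of the original thread or of OpenBSD; it assumes that a file without PT_INTERP counts as static, and the names elf_interpreter, dynamic_binaries and sample_elf are hypothetical.

```python
import os
import struct

PT_INTERP = 3  # program header type naming the run-time linker (ld.so)

def elf_interpreter(data):
    """Return the PT_INTERP path of an ELF image, or None (statically linked)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                   # EI_CLASS
    end = "<" if data[5] == 1 else ">"    # EI_DATA
    (e_phoff,) = struct.unpack_from(end + ("Q" if is64 else "I"), data, 0x20 if is64 else 0x1C)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36 if is64 else 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if struct.unpack_from(end + "I", data, off)[0] != PT_INTERP:
            continue
        # p_offset..p_filesz follow p_type (and p_flags in Elf64_Phdr)
        fmt, start = ("QQQQ", off + 8) if is64 else ("IIII", off + 4)
        p_offset, _, _, p_filesz = struct.unpack_from(end + fmt, data, start)
        return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None

def dynamic_binaries(directory):
    """Map each dynamically linked ELF file in `directory` to its interpreter."""
    found = {}
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        try:
            with open(entry.path, "rb") as f:
                interp = elf_interpreter(f.read())
        except (OSError, ValueError, IndexError, struct.error):
            continue                      # unreadable, not ELF, or truncated
        if interp:
            found[entry.name] = interp
    return found

def sample_elf(interp=None):
    """Constructed ELF64 little-endian headers for self-checks; not runnable."""
    path = (interp.encode() + b"\0") if interp else b""
    p_type = PT_INTERP if interp else 1   # 1 = PT_LOAD when no interpreter
    phdr = struct.pack("<IIQQQQQQ", p_type, 4, 120, 0, 0, len(path), len(path), 1)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ehdr + phdr + path

if __name__ == "__main__":                # run on the host being audited
    for name, interp in dynamic_binaries("/sbin").items():
        print(f"/sbin/{name}: dynamic, interpreter {interp}")
```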