What do you expect -- for the hier.7 manual page to say "except for iked and isakmpd"? Expectations are not being broken. It is a trade off.
Alessandro De Laurenzis <[email protected]> wrote: > Sorry Theo, but this is not really inherent to what I wrote... I'm not > arguing why those utilities are now dynamically linked (I'm sure they > are for a reason), but just reporting a misalignment between hier(7) > man page and the actual directory contents. > > Cheers > > On 14/11/2021 08:30, Theo de Raadt wrote: > > Hey you have the source code, and could have figured this out in a few > > minutes. > > iked/Makefile: > > revision 1.14 > > date: 2015/10/22 15:14:27; author: reyk; state: Exp; lines: +4 -1; > > commitid: H3YSN6oyq > > ntUT6Jo; > > Stop linking iked -static: It was inherited from isakmpd that is > > -static for NFS-over-IPsec that might mount the libraries after /usr. > > The benefit of linking iked dynamic outweighs the historic reason, eg. > > to get full address space randomization and to benefit from libcrypto > > updates, so we turn it into a dynamic binary. > > OK deraadt@ naddy@ > > > > > > Alessandro De Laurenzis <[email protected]> wrote: > > > >> Greeting, > >> > >> From hier(7): > >>> /sbin/ System programs and administration utilities fundamental to > >>> both single and multi-user environments. These programs are > >>> statically compiled and therefore do not depend on any system > >>> libraries to run. > >> > >> I see 2 exceptions here: > >> > >>> $ ldd /sbin/iked /sbin/iked: > >>> Start End Type Open Ref GrpRef Name > >>> 00000d960eed3000 00000d960ef5a000 exe 1 0 0 > >>> /sbin/iked > >>> 00000d98291ee000 00000d9829203000 rlib 0 1 0 > >>> /usr/lib/libutil.so.16.0 > >>> 00000d98bc5a4000 00000d98bc5b5000 rlib 0 1 0 > >>> /usr/lib/libevent.so.4.1 > >>> 00000d983e55f000 00000d983e7a1000 rlib 0 1 0 > >>> /usr/lib/libcrypto.so.48.0 > >>> 00000d987a11c000 00000d987a20e000 rlib 0 1 0 > >>> /usr/lib/libc.so.96.1 > >>> 00000d9827c28000 00000d9827c28000 ld.so 0 1 0 > >>> /usr/libexec/ld.so > >> > >> and > >> > >>> $ ldd /sbin/isakmpd > >>> /sbin/isakmpd: > >>> Start End Type Open Ref GrpRef Name > >>> 00000bccefef1000 00000bcceff67000 exe 1 0 0 > >>> /sbin/isakmpd > >>> 00000bcf436b5000 00000bcf438f7000 rlib 0 1 0 > >>> /usr/lib/libcrypto.so.48.0 > >>> 00000bcfa4819000 00000bcfa4849000 rlib 0 1 0 > >>> /usr/lib/libm.so.10.1 > >>> 00000bcfb729f000 00000bcfb7391000 rlib 0 1 0 > >>> /usr/lib/libc.so.96.1 > >>> 00000bcf00856000 00000bcf00856000 ld.so 0 1 0 > >>> /usr/libexec/ld.so > >> > >> Should they be moved in /usr/sbin? Or should the man page be amended? > >> Maybe something like this? > >> > >>> --- hier.7.orig Thu Feb 6 06:40:02 2020 > >>> +++ hier.7 Sun Nov 14 06:43:38 2021 > >>> @@ -165,8 +165,8 @@ > >>> .It /sbin/ > >>> System programs and administration utilities > >>> fundamental to both single and multi-user environments. > >>> -These programs are statically compiled and therefore do not depend on any > >>> -system libraries to run. > >>> +Most of these programs are statically compiled and therefore do not > >>> depend > >>> +on any system libraries to run. > >>> .It /tmp/ > >>> Temporary files that are > >>> .Em not > >> -- Alessandro De Laurenzis > >> [mailto:[email protected]] > >> Web: http://www.atlantide.mooo.com > >> LinkedIn: http://it.linkedin.com/in/delaurenzis > >> > > > > -- > Alessandro De Laurenzis > [mailto:[email protected]] > Web: http://www.atlantide.mooo.com > LinkedIn: http://it.linkedin.com/in/delaurenzis >
