boot time executables and shared libs
in [Solaris]
|
Prev: Solaris 10 networking - Global zones
Next: RBAC and EMC SymCLI : Access denied - you are not an authorized base daemon user
From: Tim Bradshaw on 9 Jul 2008 14:44 On Jul 9, 7:35 pm, Wayne <nos...(a)all.4me.invalid> wrote: > You're probably right, but there is a difference between not needed > any static utilities, and not allowing any to be built. I think > Sun should allow a user the option to build static applications > or utilities if desired. For one thing, forensic investigation > tools need to be statically linked, and this restriction means > you can't use Solaris 10 for a forensic platform. I don't. Statically linked binaries make it essentially impossible for Sun to meet compatibility promises, and it's reasonably obvious (from this thread if no other) that people will try and construct them if they can: it's not enough for Sun to say "don't". And yes, of course they could then try and turn around and say "I told you that would break" but that doesn't work very well when the customer is big enough. I can see the relevance of static linking for forensic tools, though I suspect you could get around it quite easily by using your own version of ld.so.1 and your own copies of shared libs. This must only matter when trying to look at live possibly-compromised systems I think - for anything dead I'd boot from read-only media to inspect the disk.
From: rice.cruft on 9 Jul 2008 16:47 On Jul 9, 2:44 pm, Tim Bradshaw <tfb+goo...(a)tfeb.org> wrote: > On Jul 9, 7:35 pm, Wayne <nos...(a)all.4me.invalid> wrote: > > > You're probably right, but there is a difference between not needed > > any static utilities, and not allowing any to be built. I think > > Sun should allow a user the option to build static applications > > or utilities if desired. To put this more in the context of my target platforms... On Sol 9, / lib is a symlink to /usr/lib -- /usr may or may not be a mount point (yes?). On Sol 10 /lib _is_ a directory on root. --Eric
From: Andrew Gabriel on 10 Jul 2008 19:32 In article <4875046a$0$7797$2318a52a(a)unlimited.newshosting.com>, Wayne <nospam(a)all.4me.invalid> writes: > > You're probably right, but there is a difference between not needed > any static utilities, and not allowing any to be built. I think > Sun should allow a user the option to build static applications > or utilities if desired. For one thing, forensic investigation > tools need to be statically linked, and this restriction means Why? Forensic investigation of what? The system they're running on? > you can't use Solaris 10 for a forensic platform. -- Andrew Gabriel [email address is not usable -- followup in the newsgroup]
From: Tim Bradshaw on 11 Jul 2008 03:18 On Jul 11, 12:32 am, and...(a)cucumber.demon.co.uk (Andrew Gabriel) wrote: > Why? > Forensic investigation of what? The system they're running on? I think the idea is that you don't trust the shared libraries or the linker. But if you don't trust them, do you trust the kernel not to have had bad modules loaded into it?
From: Casper H.S. Dik on 29 Jul 2008 08:19
Tim Bradshaw <tfb+google(a)tfeb.org> writes: >I can see the relevance of static linking for forensic tools, though I >suspect you could get around it quite easily by using your own version >of ld.so.1 and your own copies of shared libs. This must only matter >when trying to look at live possibly-compromised systems I think - for >anything dead I'd boot from read-only media to inspect the disk. But if the systen is compromised there's no point in running the forensic tools on that system, statically linked or not. Casper -- Expressed in this posting are my opinions. They are in no way related to opinions held by my employer, Sun Microsystems. Statements on Sun products included here are not gospel and may be fiction rather than truth. |