| From: | Larry Rosenman <ler(at)lerctr(dot)org> |
|---|---|
| To: | pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: PG Patch (fwd) [openserver patch followup #2] |
| Date: | 2003-07-19 16:59:08 |
| Message-ID: | 149070000.1058633948@lerlaptop.lerctr.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
2nd followup from Kean.
LER
------------ Forwarded Message ------------
Date: Friday, July 18, 2003 23:43:55 -0700
From: Kean Johnston <jkj(at)sco(dot)com>
To: Larry Rosenman <ler(at)lerctr(dot)org>
Cc:
Subject: Re: PG Patch
Larry Rosenman wrote:
> I got a question from the PG Core Team (Bruce Momjian) about the
> rpathdir portion of
> your patch.
>
> Why can't it use libdir? Or can we wrap it in .if (port,=,sco) type
> stuff?
Sorry I forgot to anwer that portion of the question. The only place that
used RPATHDIR *is* wrapped up in if port=sco. But why not use just libdir?
Well the rule for making shared libraries is shared across multiple
makefiles. Although I only set it for the main interface libraries, I had
originally set it for all the dynamically loadable modules too, and for
those, libdir isnt what you want, you want datadir or whatever its called
(I'm too lazy to go look now). So I needed variable the lower level
makefiles could specify that get used in the top level makefile.
Why do this at all? Security. Having shared libraries without full SONAME's
is a big security risk. There have been any number of huge explots based
around this. Point me at any Solaris machine <= 2.7, or any OSR5 system <
507 or any FreeBSD system <= 4.0 and I can get root with 1 tiny program
thats on all of them: xterm. It has long upset me, and I am done trying to
convince them, but libtool encourages the worst possible .so practices, and
may programs seem to have picked up those equally bad practices. There is
no need for futzing with ld.conf and the like if people take the time to
construct shared libraries propperly. Yes it can be a pain to bootstrap but
the reward is very well worth the effort it takes.
Suffice it to say that I believe that *EVERY* .so should have an absolute
SONAME. There are still a few I need to clean up in 507 but most of them
are correct. If you're not on the up-and-up with DT_RUNPATH, DT_RPATH and
SONAME ELF headers I suggest for light reading that you peruse the gABI.
Kean
---------- End Forwarded Message ----------
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler(at)lerctr(dot)org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rod Taylor | 2003-07-19 17:45:04 | Re: Release.sgml markup |
| Previous Message | Larry Rosenman | 2003-07-19 16:58:26 | Re: PG Patch (fwd) [OpenServer followup #1] |