Postgres Pro
Downloads
Home   >   mailing lists

Re: PG Patch (fwd) [openserver patch followup #2] - Mailing list pgsql-patches

From Larry Rosenman
Subject Re: PG Patch (fwd) [openserver patch followup #2]
Date
Msg-id 149070000.1058633948@lerlaptop.lerctr.org
Whole thread Raw
Responses Re: PG Patch (fwd) [openserver patch followup #2]  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-patches
Tree view 
2nd followup from Kean.

LER


------------ Forwarded Message ------------
Date: Friday, July 18, 2003 23:43:55 -0700
From: Kean Johnston <jkj@sco.com>
To: Larry Rosenman <ler@lerctr.org>
Cc:
Subject: Re: PG Patch

Larry Rosenman wrote:
> I got a question from the PG Core Team (Bruce Momjian) about the
> rpathdir portion of
> your patch.
>
> Why can't it use libdir?  Or can we wrap it in .if (port,=,sco) type
> stuff?
Sorry I forgot to anwer that portion of the question. The only place that
used RPATHDIR *is* wrapped up in if port=sco. But why not use just libdir?
Well the rule for making shared libraries is shared across multiple
makefiles. Although I only set it for the main interface libraries, I had
originally set it for all the dynamically loadable modules too, and for
those, libdir isnt what you want, you want datadir or whatever its called
(I'm too lazy to go look now). So I needed variable the lower level
makefiles could specify that get used in the top level makefile.

Why do this at all? Security. Having shared libraries without full SONAME's
is a big security risk. There have been any number of huge explots based
around this. Point me at any Solaris machine <= 2.7, or any OSR5 system <
507 or any FreeBSD system <= 4.0 and I can get root with 1 tiny program
thats on all of them: xterm. It has long upset me, and I am done trying to
convince them, but libtool encourages the worst possible .so practices, and
may programs seem to have picked up those equally bad practices. There is
no need for futzing with ld.conf and the like if people take the time to
construct shared libraries propperly. Yes it can be a pain to bootstrap but
the reward is very well worth the effort it takes.

Suffice it to say that I believe that *EVERY* .so should have an absolute
SONAME. There are still a few I need to clean up in 507 but most of them
are correct. If you're not on the up-and-up with DT_RUNPATH, DT_RPATH and
SONAME ELF headers I suggest for light reading that you peruse the gABI.

Kean

---------- End Forwarded Message ----------



--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 972-414-9812                 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749

pgsql-patches by date:

Previous
From: Larry Rosenman
Date:
Subject: Re: PG Patch (fwd) [OpenServer followup #1]
Next
From: Rod Taylor
Date:
Subject: Re: Release.sgml markup