Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Dynamic linking seems to be a rather straightforward technical argument. I'm not sure what to tell you if you can't or won't parse it.


I've had a conversation about it on HN in the past:

http://news.ycombinator.com/item?id=4112517

I wouldn't mind discussing it again.


when zlib had that double-free bug a while back, how many programs had to be updated because of static linking?

I think the problem is that in most of these cases, people only count one side of the ledger. On the whole, I think static linking causes more security issues than dynamic linking, but dynamic linking causes some other problems that are less well accounted for.


A security hole in a library is "automatically distributed" to every program dynamically linked against it. Yes, the coin has two sides.


I am not saying that dynamic linking is perfect. However, a lot of it comes down to how manageable is security. How many programs do I have to update? How sure am I as the sysadmin that I got them all? This is easier with dynamic linking than with something ubiquitous but often statically linked like zlib.

Yeah there is a tradeoff. I am not saying there is no downside. I am just saying security-wise, I prefer a single-point-of-correction to a case where I may not know where the weakest link is.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: