[Cryptography] Are dynamic libs compatible with security? was: Apple and OpenSSL

[Theodore Ts'o]

On Tue, Apr 22, 2014 at 11:53:41AM -0700, Bill Frantz wrote:
> I'm not sure the memory advantage of sharing library code overcomes the
> disadvantages described elsewhere in this thread with modern systems. Even
> when I consider my Raspberry Pi system, it has 512 meg of memory divided
> between the video card part of the SoC and the Arm processor portion. If I
> have 50 meg of shared library, that's less than 10% and might be a cheap
> price to pay for software stability.
> 
> Does anyone have any information on how much sharing actually takes place?

On modern systems the amount of bloat is truly astonishing.  Consider
that libxml2 is almost 1.5 megabytes of compiled object code.
libcrypto is almost 2 megabytes, the libQt libraries is 62 megabytes,
and so on.  So if you have a dozen or so windows open (and in a GNOME
or KDE system, many of the applications will all be using the same
shared libraries), the amount of memory which is saved can be quite
large.

Of course, the fact that we have so much bloat is bad from security
perspective as well.  How many zero-days do *you* think is hiding in 2
megabytes of compiled crypto code?  :-)

						- Ted

P.S.  Yes, if you statically linked, you might not need to drag in the
entire text of the library.  But unfortunately, because everyone uses
shared libraries, the discipline to keep library functions well
isolated and in separate small .o units so that pulling in a few
functions doesn't end up dragging in the entire library anyway is much
less rigorous than there used to be.  (``It my day, we had to make our
programs fit in 64k.  <shakes stick> And get off my lawn!''  :-)