[Cryptography] Are dynamic libs compatible with security? was: Apple and OpenSSL

[Russ Nelson]

Theodore Ts'o writes:
 > P.S.  Yes, if you statically linked, you might not need to drag in the
 > entire text of the library.  But unfortunately, because everyone uses
 > shared libraries, the discipline to keep library functions well
 > isolated and in separate small .o units so that pulling in a few
 > functions doesn't end up dragging in the entire library anyway is much
 > less rigorous than there used to be.

Besides simply not having code linked into the program (and thus the
code doesn't need to be audited), a smart linker can do an execution
analysis of the program and keep frequently-executed code in the same
kernel block. That ensures that all that code which handles all those
weird exceptions is never even loaded into memory.

Who, me, paranoid? That's because they really *are* out to get me.

-- 
--my blog is at    http://blog.russnelson.com
Crynwr supports open source software
521 Pleasant Valley Rd. | +1 315-600-8815
Potsdam, NY 13676-3213  |     Sheepdog