Re: PG Patch (fwd) [openserver patch followup #2]

From: Peter Eisentraut
Subject: Re: PG Patch (fwd) [openserver patch followup #2]
Msg-id: Pine.LNX.4.56.0307231216050.1649@krusty.credativ.de
In reply to: Re: PG Patch (fwd) [openserver patch followup #2]  (Larry Rosenman <ler@lerctr.org>)
Responses: Re: PG Patch (fwd) [openserver patch followup #2]  (Larry Rosenman <ler@lerctr.org>)
List: pgsql-patches
Larry Rosenman writes:

> Why do this at all? Security. Having shared libraries without full SONAME's
> is a big security risk. There have been any number of huge exploits based
> around this. Point me at any Solaris machine <= 2.7, or any OSR5 system <
> 507 or any FreeBSD system <= 4.0 and I can get root with 1 tiny program
> that's on all of them: xterm. It has long upset me, and I am done trying to
> convince them, but libtool encourages the worst possible .so practices, and
> many programs seem to have picked up those equally bad practices. There is
> no need for futzing with ld.conf and the like if people take the time to
> construct shared libraries properly. Yes it can be a pain to bootstrap but
> the reward is very well worth the effort it takes.

These concerns might have some merit, but the solution could not possibly
be to only fix this on one platform, because the mechanisms are the same
everywhere.  That said, it seems the universal practice is not to put full
sonames into shared libraries, so it seems better that our libraries
follow that practice.  Otherwise it will be only a matter of time before
someone comes out of the woodwork and claims that libraries with full sonames
are a big whatever-else problem.

--
Peter Eisentraut   peter_e@gmx.net
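The dispute above is about what name the linker embeds as the soname. As an added check (not code from this thread or from PostgreSQL's build), the script below reads the DT_SONAME out of a little-endian ELF64 shared object and reports whether it pins an ABI version (libpq.so.3) or is a bare, version-less name (libpq.so). The function names are hypothetical, and the ELF image it inspects is a constructed stub containing only the two relevant sections.

```python
import re
import struct

SHT_STRTAB, SHT_DYNAMIC = 3, 6
DT_NULL, DT_SONAME = 0, 14
SHDR = "<IIQQQQIIQQ"  # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize

def read_soname(elf: bytes):
    """Return the DT_SONAME string embedded in a little-endian ELF64 object, or None if absent."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_shoff = struct.unpack_from("<Q", elf, 40)[0]
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 58)
    shdrs = [struct.unpack_from(SHDR, elf, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    for sh in shdrs:
        if sh[1] != SHT_DYNAMIC:
            continue
        strtab_off = shdrs[sh[6]][4]          # sh_link names the string table (.dynstr)
        for off in range(sh[4], sh[4] + sh[5], 16):
            tag, val = struct.unpack_from("<qQ", elf, off)
            if tag == DT_NULL:
                break
            if tag == DT_SONAME:
                start = strtab_off + val
                return elf[start:elf.index(b"\0", start)].decode()
    return None

def soname_is_versioned(soname) -> bool:
    """True only for names that pin an ABI version (libpq.so.3), not bare libpq.so or no soname at all."""
    return soname is not None and re.fullmatch(r".+\.so(\.\d+)+", soname) is not None

def build_stub_so(soname) -> bytes:
    """Constructed test input: a minimal, non-loadable ELF64 image with just .dynstr and .dynamic."""
    dynstr = b"\0" + (soname.encode() + b"\0" if soname else b"")
    dynstr += bytes(-len(dynstr) % 8)
    dynamic = (struct.pack("<qQ", DT_SONAME, 1) if soname else b"") + struct.pack("<qQ", DT_NULL, 0)
    dynstr_off, dynamic_off = 64, 64 + len(dynstr)
    shoff = dynamic_off + len(dynamic)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)            # ELFCLASS64, little-endian, version 1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = bytes(64)                                            # index 0: mandatory null header
    shdrs += struct.pack(SHDR, 0, SHT_STRTAB, 0, 0, dynstr_off, len(dynstr), 0, 0, 1, 0)     # index 1
    shdrs += struct.pack(SHDR, 0, SHT_DYNAMIC, 0, 0, dynamic_off, len(dynamic), 1, 0, 8, 16)  # index 2
    return ehdr + dynstr + dynamic + shdrs

if __name__ == "__main__":
    for name in ("libpq.so.3", "libpq.so", None):
        found = read_soname(build_stub_so(name))
        print(f"{name!r:14} -> soname={found!r:14} versioned={soname_is_versioned(found)}")
```

On a real installation, pass the bytes of an installed library to read_soname instead of the stub; a library whose file name is versioned but whose embedded soname is not is the case the quoted mail is complaining about.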
