bind-9 and static
Mark.Andrews at nominum.com
Thu Sep 21 00:55:39 UTC 2000
>
>
> > What benefit is there in running it as static?
>
> An attempt to limit the exposure and number of available avenues for
> further damage.
Named is not a suid executable, it is not designed as a suid
executable. It is however designed to be started by root
and optionally change to running as a different user.
Linking statically actually exposes you to more risk rather
than less as you don't pick up bug fixes to libraries as
easily.
>
> > There was a marginal setup benefit with BIND8 and running chroot
> > but BIND 9 no longer has a named-xfer hence no benefit.
>
> I'm not sure I understand. So the named binary is itself doing the zone
> transfer, but I'm not sure how that's really different than it was
> before...
Then you don't understand why people wanted named (or more
particularly named-xfer) linked statically for chroot in the
first place.
>
> > CFLAGS="..." ./configure
>
> This didn't work. It seems to arbitrarily ignore the -static but keeps the
> -O2 but ignores the -static on all binaries.
>
> Thanks again,
> Dave
Run the following and post the results.

	script
	make distclean
	env CFLAGS="-O2 -static" ./configure
	make depend
	make
	file bin/nsupdate/nsupdate
	exit

Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
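
An added example, not part of the original message or of BIND: a small audit script that lists statically linked ELF executables under a directory, so binaries that will not pick up library bug fixes can be tracked and rebuilt. It assumes "static" means the file has no PT_INTERP program header (shared objects and object files also lack one, so point it at directories of executables); the function names and the sample_elf64 test input are constructed for illustration.

```python
import os
import struct
import sys

PT_INTERP = 3  # program header type naming the dynamic loader (ld.so)

def elf_linkage(data):
    """Classify the leading bytes of a file: 'static', 'dynamic' or 'not-elf'."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        return "not-elf"
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little-endian
    if data[4] == 2:                     # EI_CLASS: 2 = 64-bit header layout
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:                                # 32-bit header layout
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break                        # program headers lie beyond what was read
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type == PT_INTERP:
            return "dynamic"             # asks for ld.so, so libraries load at run time
    return "static"                      # no loader requested: library code is baked in

def find_static(root):
    """Return sorted paths of regular files under root classified as static."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.path.isfile(path):
                    with open(path, "rb") as f:
                        if elf_linkage(f.read(65536)) == "static":
                            hits.append(path)
            except OSError:
                continue                 # unreadable file: skip it
    return sorted(hits)

def sample_elf64(segment_types):
    """Constructed input: minimal little-endian ELF64 header plus empty segments."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56,
                         len(segment_types), 0, 0, 0)
    return ident + header + b"".join(struct.pack("<I", t) + bytes(52) for t in segment_types)

if __name__ == "__main__":
    for hit in find_static(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it with a directory argument (the current directory by default); each path it prints is a binary that must be rebuilt, not just restarted, after a library fix.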