[static] linking

miah jjohnson at sunrise-linux.com
Wed Mar 19 18:33:32 EST 2003


The application will also run faster...  But security is the reason you should do this.  

-miah

On Wed, Mar 19, 2003 at 05:59:19PM -0500, Young, Charles wrote:
> The only good reason I can think of to link/compile -static is to not have to depend on and trust the shared libraries, which could be altered by a rootkit, etc.  This provides you with a so-called "trusted" binary, albeit bloated :)
> 
> But hey, if they fit on a CD, who cares!  It's kind of an oddball situation though.  I can't think of another good reason to do it if the machine is reasonably secure/hardened.
> 
> Are there other good reasons?
> 
> -----------
> Chuck Young
> Security Consulting
> Level(3) Communications
> -------------------------
> 
> -----Original Message-----
> From: Derek Martin [mailto:blu at sophic.org]
> Sent: Wednesday, March 19, 2003 2:24 PM
> 
> ---snip---
> 
> It depends on how you compile (or actually, link) the program when
> you're building it.  If you build it with -static, you link AT COMPILE
> TIME against the static library.  Otherwise, by default (if your
> system supports shared objects) you link AT RUN TIME against the
> shared library.
> 
> Generally speaking, most systems use the dynamic libraries for the
> vast majority of cases.  The point is this saves huge amounts of disk
> space.  With the static libraries, the library is copied into the
> executable file of every binary that is linked statically, wasting
> huge amounts of space.  That's the (main) point of shared libraries.
> 
> ---snip---
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss



More information about the Discuss mailing list