[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reasons for Statically linking to Bekely DB?



man, 05.04.2004 kl. 05.16 skrev Edward Rudd:

> I am compiling my own RPMS for my server, and have noted that several of
> the existing RPMS of Openldap, mostly 2.0.x series, are compiled in such
> a way that the Berkeley DB is statically linked to the server binary as
> opposed to dynamically linked to the system DB library. Is there any
> reason to do this? And will I run into problems if my system ships with
> DB 4.1.25, and I compile OpenLDAP with DB version 4.2.52?

I'm no expert on this and the following should be taken as my own view.
I've wondered at this too, and done some work on it.

1: You'll find it hard to avoid linking at least one BDB static lib in,
anyway. Try specifying enable-dynamic and then do a strings on the
binary;
2: It isn't just BDB: other frequently updated libraries such as SSL and
SASL should also be taken into account, and the same applies to them;
3: The same applies to other applications than Openldap, into which
static libs have been compiled.

I now take the view that not only Openldap but also all other apps
dependent on lib updates/upgrades should be recompiled with the new libs
- and that's no joke. If that isn't possible, then the new libs should
be kept apart from the old ones and explicitly linked into each new
binary compile.

As an example, RedHat has linked libs which are now known to be either
vulnerable or faulty into apps such as Openldap (e.g. BDB 4.1.25, Cyrus
SASL 2.1.15 and Openssl 0.9.7c) on RHEL3 but hasn't yet released
modified Openldap packages, even if it's released an Openssl 0.9.7d
update. Though many apps on RHEL3 have been compiled with static Openssl
0.9.7c.

The whole subject is thorny.

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl