On Sat, Feb 17, 2007 at 05:09:26PM -0700, Theo de Raadt wrote:
> > Most modern Linux distributions optimize dynamic library load using
> > prelinking; 4.0 and later have a comparable idea implemented
> > ('prebind'), but in a way that does not interfere with OpenBSD's
> > security features. This is not enabled by default (I'm not sure why not,
> > and would be very grateful if anybody would tell me, BTW),
>
> The pkg tree is not yet ready to do the right thing for this, heck,
> even the base is not fully prepared for this to be on by default.
> Prebind appends an information block to the end of libraries, and
> there are some more details which need to be considered, and handled.
>
> Furthermore, anytime you did a 'make build' of your system, the prebind
> information changes in that information block, and when any of it is
> invalid, it is ignored, and you are right back in the un-optimized mode.
> That's safe, and fine, but there are issues.
>
> Like everything else in OpenBSD, we make it available early, and then
> we turn it on when we are confident. You don't even need to know the
> above details -- just trust we are making the right decisions.

Okay, that's about what I expected. Thanks!

And, frankly, if I didn't have a lot of confidence in you guys making the right decisions, I wouldn't be running OpenBSD. I *do* like understanding how stuff works, though.

Joachim