On Sun, Oct 06, 2013 at 03:47:10PM -0700, Kees Cook wrote: > I don't want to ship a static library for libseccomp unless there is a > demonstrated requirement to do it.
I'm thinking about using it in cdebootstrap, which needs to be statically linked. Okay, I can also do a source copy, it is small enough. > Given that this is a security-sensitive > library, I want to actively discourage any kind of static linking. Where is it security sensitive? Only if used this way. I've got tons of uses without security sensitivity, https://bblank.thinkmo.de/blog/archive/2013/03/04/using-seccomp-to-filter-sync-operations for example. If you pull the security sensitive, you have to remove all static linkage of glibc. Bastian -- Well, Jim, I'm not much of an actor either. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
