From: Luke Mewburn (lukemwasabisystems.com)
Date: Thu Feb 08 2001 - 18:14:39 CST

    I've been investigating running named in a chrooted environment as a
    non-privileged user, and I've hit a minor issue which will probably
    bite people without source access (or who are unwilling to recompile):
    named-xfer needs to be under the chroot cage, and by default, it's
    compiled dynamically.

    Now, it should be possible to use dynamic binaries in a chroot cage,
    but it is much more work than if named-xfer was statically linked.

    I've done a quick comparison of the size difference between named-xfer
    statically vs dynamically linked (on 1.5/i386):

    % size /usr/libexec/named-xfer*
    text data bss dec hex filename
    254393 4960 12912 272265 42789 /usr/libexec/named-xfer
    187585 4864 7744 200193 30e01 /usr/libexec/named-xfer.dyn

    % ls -l /usr/libexec/named-xfer*
    272 -r-xr-xr-x 1 root wheel 270024 Feb 8 19:07 /usr/libexec/named-xfer*
    200 -r-xr-xr-x 1 root wheel 195576 Nov 16 20:38 /usr/libexec/named-xfer.dyn*

    Given this minor size difference I don't see a major issue with making
    named-xfer static.

    Are there any serious objections to me doing this?
    Other comments?

    Luke.

    PS: I'm going to document how I did this, and also consider making
    it the default (after discussion)

    -- 
    Luke Mewburn  <lukemwasabisystems.com>  http://www.wasabisystems.com
    Luke Mewburn     <lukemnetbsd.org>      http://www.netbsd.org
    Wasabi Systems - providing NetBSD sales, support and service.
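A check worth running before copying a binary into the cage, added here as an example (it is not part of Luke's message or of NetBSD): parse the ELF program headers to tell a static binary from a dynamic one, and for a dynamic one list the interpreter and every DT_NEEDED library that would also have to live under the chroot. The skeletal sample image, the ld.elf_so path and the libc.so.12 name are constructed for the demonstration; pass a real path such as /usr/libexec/named-xfer as the argument to inspect an actual binary.

```python
import struct

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
DT_NEEDED, DT_STRTAB = 1, 5
PHDR = "<IIQQQQQQ"  # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align

def elf_chroot_deps(data: bytes) -> dict:
    """Report what a chroot cage must contain for one ELF64 little-endian image:
    a static binary needs nothing; a dynamic one needs its interpreter and every DT_NEEDED library."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("only ELF64 little-endian images are handled here")
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    phdrs = [struct.unpack_from(PHDR, data, e_phoff + i * e_phentsize) for i in range(e_phnum)]
    interp = next((data[p[2]:p[2] + p[5]].rstrip(b"\0").decode() for p in phdrs if p[0] == PT_INTERP), None)
    dynamic = next(((p[2], p[5]) for p in phdrs if p[0] == PT_DYNAMIC), None)
    if interp is None and dynamic is None:   # no interpreter, no dynamic section: statically linked
        return {"static": True, "interp": None, "needed": []}
    d_off, d_size = dynamic
    entries = [struct.unpack_from("<qQ", data, pos) for pos in range(d_off, d_off + d_size, 16)]
    needed = [val for tag, val in entries if tag == DT_NEEDED]
    strtab_addr = next(val for tag, val in entries if tag == DT_STRTAB)
    # DT_STRTAB holds a virtual address; translate it to a file offset through the PT_LOAD covering it.
    for p in phdrs:
        if p[0] == PT_LOAD and p[3] <= strtab_addr < p[3] + p[5]:
            strtab_off = strtab_addr - p[3] + p[2]
            break
    else:
        raise ValueError("DT_STRTAB not covered by any PT_LOAD segment")
    libs = [data[strtab_off + n:data.index(b"\0", strtab_off + n)].decode() for n in needed]
    return {"static": False, "interp": interp, "needed": libs}

def build_sample_dynamic_elf() -> bytes:
    """Constructed sample, not a real binary: a code-less ELF64 skeleton with PT_LOAD,
    PT_INTERP and PT_DYNAMIC so the parser can be exercised offline."""
    base, interp, strtab = 0x1000, b"/usr/libexec/ld.elf_so\0", b"\0libc.so.12\0"
    dyn = struct.pack("<qQqQqQ", DT_NEEDED, 1, DT_STRTAB, base + 256, 0, 0)  # DT_NULL terminates
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELF64, little-endian, version 1
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 0x3E, 1, 0, 64, 0, 0, 64, 56, 3, 64, 0, 0)
    ph = struct.pack(PHDR, PT_LOAD, 5, 0, base, base, 320, 320, 0x1000)
    ph += struct.pack(PHDR, PT_INTERP, 4, 232, base + 232, base + 232, len(interp), len(interp), 1)
    ph += struct.pack(PHDR, PT_DYNAMIC, 6, 272, base + 272, base + 272, 48, 48, 8)
    img = ehdr + ph                                                   # 64 + 3 * 56 = 232 bytes
    return img + interp.ljust(24, b"\0") + strtab.ljust(16, b"\0") + dyn  # at 232, 256, 272; 320 total

if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dynamic_elf()
    print(elf_chroot_deps(image))
```

Every name the dynamic case prints is a file that must be present and resolvable inside the cage, which is the extra work a static named-xfer avoids.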