[Aide] static linking on Linux and Packaging for Distributions
Hannes von Haugwitz
hannes at vonhaugwitz.com
Sun Dec 5 22:34:06 EET 2021
Hi,

On Sat, Sep 11, 2021 at 04:17:33PM +0200, Marc Haber wrote:
> aide is traditionally linked statically to protect itself against
> trojaned / doctored libraries that might affect the authenticity of the
> database and the check results. On Linux, this has not been fully
> effective for years since some dynamicity remains, especially regarding
> NSS.
>
> During Debian's last glibc transition, this has led to reproducible and
> unconditional segfaults once aide uses a nss call, which happens via
> libacl when a file possessing an ACL is processed during check.

The issue tracker also lists several issues related to static
linking[issues].

I have now changed the default from static to dynamic linking[commit].
Advanced users (who know how to deal with the issues) can still re-enable
static linking as needed.

Best regards

Hannes

[issues] https://github.com/aide/aide/issues?q=label%3A%22static+linking%22+
[commit] https://github.com/aide/aide/commit/285e791c0d7c70e3f5e72824562dd27be781c2d6
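
An added example, not part of the original message or of the AIDE project's code: a Python check for the two properties the quoted text is about, whether an ELF64 binary requests a run-time loader (PT_INTERP) and whether a nominally static image still carries the `libnss_` module-name prefix that glibc uses when loading NSS modules. The string scan is a heuristic assumed here, and `make_elf` builds constructed sample images rather than real binaries.

```python
import struct

PT_LOAD, PT_INTERP = 1, 3
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header (56 bytes)

def linkage(data: bytes) -> dict:
    """Report whether an ELF64 LE executable needs a loader and shows NSS residue."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    hdr = EHDR.unpack_from(data, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    interp = None
    for i in range(phnum):
        p_type, _flags, off, _va, _pa, filesz, _memsz, _align = PHDR.unpack_from(
            data, phoff + i * phentsize)
        if p_type == PT_INTERP:  # path of the dynamic loader the kernel must start
            interp = data[off:off + filesz].rstrip(b"\0").decode()
    return {
        "static": interp is None,   # no loader requested (static or static-pie)
        "interp": interp,
        # Heuristic (assumption): the glibc NSS code builds module names from this
        # prefix, so finding it in a static image suggests run-time loading remains.
        "nss_residue": b"libnss_" in data,
    }

def make_elf(interp: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed sample: file header, one program header, then raw data."""
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    body = EHDR.size + PHDR.size
    if interp:
        ph = PHDR.pack(PT_INTERP, 4, body, 0, 0, len(interp), len(interp), 1)
    else:
        ph = PHDR.pack(PT_LOAD, 5, 0, 0, 0, body, body, 0x1000)
    hdr = EHDR.pack(ident, 2, 62, 1, 0, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, 1, 0, 0, 0)
    return hdr + ph + interp + payload

# Constructed inputs: a "static" image with NSS residue, and a dynamic one.
STATIC_WITH_NSS = make_elf(payload=b"libnss_files.so.2\0")
DYNAMIC = make_elf(interp=b"/lib64/ld-linux-x86-64.so.2\0")

if __name__ == "__main__":
    print(linkage(STATIC_WITH_NSS))
    print(linkage(DYNAMIC))
```
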