Poll: Are shared libraries good?

| Option | Share | Votes |
| Shared libraries are less secure than bloatware | 0% | 0 |
| Makes no difference, code is code | 14% | 1 |
| Shared libraries are more secure than bloatware | 28% | 2 |
| It depends - shared libraries are good for the OS but bad for apps | 0% | 0 |
| What are shared libraries? | 57% | 4 |

Total Votes : 7

| Author |
Message |
guy (LXF regular)
Joined: Thu Apr 07, 2005 1:07 pm | Posts: 828 | Location: Worcestershire
Posted: Sun Jan 01, 2012 1:20 pm | Post subject: Code re-use

The other day I came across the suggestion that it is more secure to build everything into your app, rather than rely on shared libraries.
Isn't that just saying that code re-use is bad practice because it equates to vulnerability re-use? Safer to bloat the install.
Thinking of the relative security reputations of some well-known platforms and their relative tendencies for developers to depend on shared libraries, I find this a difficult idea to justify based on evidence.
If 100 instances of the same library are compiled separately into 100 apps, where is the benefit over installing once and linking from those 100 apps?
And doesn't it also depend rather heavily on the experience and professionalism of the shared library developers vs. the app developers? I'd trust a 15-year old maintenance team over a shiny new script kiddie any day.
I kind of smell subversive FUD at work - "You can trust our shiteware approach, honest. Far better than that other competitor - just read this security analysis my salesman wrote." sort of thing.
_________________
Cheers,
Guy
The eternal noob

Bazza (LXF regular)
Joined: Sat Mar 21, 2009 11:16 am | Posts: 1381 | Location: Loughborough
Posted: Sun Jan 01, 2012 2:46 pm

Hi guy...
Sorry, but I had to vote "What are shared libraries?"...
The reason is that a very large percentage on here have no idea
what a shared library is.
What happens when a shared library becomes corrupt?
What happens when a shared library is updated?
What happens when a shared library is no longer needed
in the latest OS incarnation?
Although not a library situation remember SNDREC32.EXE in XP
and below, but not in Vista and higher.......
You see my point.
I suspect that a library that has stood the test of time is pretty much
bullet proof AFA security is concerned. However sometimes they get
major code changes that not only affect countless apps that depend
on them but also break security and reliability.
Just a starter... ;o)
_________________
73...
Bazza, G0LCU...
Team AMIGA...

nelz (Moderator)
Joined: Mon Apr 04, 2005 12:52 pm | Posts: 7995 | Location: Warrington, UK
Posted: Sun Jan 01, 2012 8:47 pm | Post subject: Re: Code re-use

guy wrote:
> Isn't that just saying that code re-use is bad practice because it equates to vulnerability re-use?

If that is true, it also equates to re-use of vulnerability fixes.
If you have 100 apps all with their own statically compiled version of a library and a vulnerability is found and fixed, you have to wait for all 100 projects to update their code before you are safe from that vulnerability.
The same applies to other improvements to the code, be it bug fixes or better performance.
_________________
Unix is user-friendly. It's just very selective about who its friends are.

Fat_Tuesday
Joined: Mon Oct 09, 2006 1:14 pm | Posts: 77
Posted: Sun Jan 01, 2012 9:47 pm

Easy answer, only question I understood was the last one!

wyliecoyoteuk (LXF regular)
Joined: Sun Apr 10, 2005 11:41 pm | Posts: 3358 | Location: Birmingham, UK
Posted: Sun Jan 01, 2012 10:40 pm

Shared code may mean multiple vulnerabilities, but it also means multiple eyes on it.
The old "security by obscurity" argument is why Windows has become such a pile of dudu over the years.
Anyway, every current OS uses shared libraries, and yet some are much more secure than others, so that sort of wrecks the argument, really.
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!
*************** ************