Linux Format forums
Help, discussion, magazine feedback and more
 

Code re-use

 

Poll: Are shared libraries good?
Shared libraries are less secure than bloatware: 0% [ 0 ]
Makes no difference, code is code: 14% [ 1 ]
Shared libraries are more secure than bloatware: 28% [ 2 ]
It depends - shared libraries are good for the OS but bad for apps: 0% [ 0 ]
What are shared libraries?: 57% [ 4 ]
Total Votes : 7

guy
LXF regular


Joined: Thu Apr 07, 2005 1:07 pm
Posts: 1041
Location: Worcestershire

Posted: Sun Jan 01, 2012 1:20 pm    Post subject: Code re-use

The other day I came across the suggestion that it is more secure to build everything into your app, rather than rely on shared libraries.

Isn't that just saying that code re-use is bad practice because it equates to vulnerability re-use? Safer to bloat the install.

Thinking of the relative security reputations of some well-known platforms and their relative tendencies for developers to depend on shared libraries, I find this a difficult idea to justify based on evidence.

If 100 instances of the same library are compiled separately into 100 apps, where is the benefit over installing once and linking from those 100 apps?

And doesn't it also depend rather heavily on the experience and professionalism of the shared library developers vs. the app developers? I'd trust a 15-year-old maintenance team over a shiny new script kiddie any day.

I kind of smell subversive FUD at work - "You can trust our shiteware approach, honest. Far better than that other competitor - just read this security analysis my salesman wrote." sort of thing.
_________________
Cheers,
Guy
The eternal help vampire
Bazza
LXF regular


Joined: Sat Mar 21, 2009 11:16 am
Posts: 1462
Location: Loughborough

Posted: Sun Jan 01, 2012 2:46 pm    Post subject:

Hi guy...

Sorry, but I had to vote "What are shared libraries?"...

The reason is that a very large percentage on here have no idea
what a shared library is.

What happens when a shared library becomes corrupt?
What happens when a shared library is updated?
What happens when a shared library is no longer needed
in the latest OS incarnation?
Although not a library situation, remember SNDREC32.EXE in XP
and below, but not in Vista and higher.......

You see my point.

I suspect that a library that has stood the test of time is pretty much
bullet proof AFA security is concerned. However sometimes they get
major code changes that not only affect countless apps that depend
on them but also break security and reliability.

Just a starter... ;o)
_________________
73...

Bazza, G0LCU...

Team AMIGA...
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8365
Location: Warrington, UK

Posted: Sun Jan 01, 2012 8:47 pm    Post subject: Re: Code re-use

guy wrote:
Isn't that just saying that code re-use is bad practice because it equates to vulnerability re-use?


If that is true, it also equates to re-use of vulnerability fixes.

If you have 100 apps all with their own statically compiled version of a library and a vulnerability is found and fixed, you have to wait for all 100 projects to update their code before you are safe from that vulnerability.

The same applies to other improvements to the code, be it bug fixes or better performance.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
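The point in the post above, that a fixed shared library reaches every app that loads it while statically built apps each wait for their own rebuild, can be checked per binary by reading its ELF `DT_NEEDED` entries. This is an added example, not part of the thread; `libexample.so.1`, the app names and the header-only sample images are constructed, and only 64-bit little-endian ELF is handled.

```python
import struct

PT_LOAD, PT_DYNAMIC, DT_NULL, DT_NEEDED, DT_STRTAB = 1, 2, 0, 1, 5

def needed_libraries(elf):
    """DT_NEEDED sonames of a 64-bit little-endian ELF image ([] if none)."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF image")
    phoff, _, _, _, phentsize, phnum = struct.unpack_from("<QQIHHH", elf, 32)
    loads, dyn, names, strtab_va = [], (0, 0), [], None
    for hdr in range(phoff, phoff + phnum * phentsize, phentsize):
        p_type, _, off, va, _, size = struct.unpack_from("<IIQQQQ", elf, hdr)
        if p_type == PT_LOAD:
            loads.append((va, off, size))
        elif p_type == PT_DYNAMIC:
            dyn = (off, size)
    for pos in range(dyn[0], dyn[0] + dyn[1], 16):
        tag, val = struct.unpack_from("<qQ", elf, pos)
        if tag == DT_NULL:
            break
        if tag == DT_NEEDED:
            names.append(val)
        elif tag == DT_STRTAB:
            strtab_va = val
    if not names or strtab_va is None:
        return []  # fully static, or static-pie with no dependencies
    # DT_STRTAB holds a virtual address; map it to a file offset via PT_LOAD.
    base = next(off + strtab_va - va for va, off, size in loads
                if va <= strtab_va < va + size)
    return [elf[base + n:elf.index(b"\0", base + n)].decode() for n in names]

def fixed_by_update(apps, soname):
    """True: app loads soname at run time, so updating that one file patches it."""
    return {app: soname in needed_libraries(img) for app, img in apps.items()}

def build_sample(libs):
    """Constructed header-only ELF image for the demo (not an executable)."""
    va, strtab, dyn = 0x400000, b"\0", b""
    for lib in libs:
        dyn += struct.pack("<qQ", DT_NEEDED, len(strtab))
        strtab += lib.encode() + b"\0"
    dyn += struct.pack("<qQqQ", DT_STRTAB, va + 176 + len(dyn) + 32, DT_NULL, 0)
    end = 176 + len(dyn) + len(strtab)
    return (struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                        3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
            + struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, va, va, end, end, 4096)
            + struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 176, va + 176, 0, len(dyn), 0, 8)
            + dyn + strtab)

APPS = {"app_a": build_sample(["libexample.so.1"]), "app_b": build_sample([])}
```

A `False` result only says that updating the system library will not reach that binary; whether it carries its own compiled-in copy has to be established separately. Libraries loaded later with `dlopen` do not appear in `DT_NEEDED` either.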
Fat_Tuesday



Joined: Mon Oct 09, 2006 1:14 pm
Posts: 89

Posted: Sun Jan 01, 2012 9:47 pm    Post subject:

Easy answer, only question I understood was the last one!
wyliecoyoteuk
LXF regular


Joined: Sun Apr 10, 2005 11:41 pm
Posts: 3422
Location: Birmingham, UK

Posted: Sun Jan 01, 2012 10:40 pm    Post subject:

Shared code may mean multiple vulnerabilities, but it also means multiple eyes on it.
The old "security by obscurity" argument is why Windows has become such a pile of dudu over the years.
Anyway, every current OS uses shared libraries, and yet some are much more secure than others, so that sort of wrecks the argument, really.
_________________
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************


Copyright 2011 Future Publishing, all rights reserved.

