Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dynamic Root Support For FreeBSD Now Available

Posted by Hemos on from the coming-at-you dept.

Dan writes "FreeBSD's Gordon Tetlow has committed his enhancements to enable users to build /bin and /sbin dynamically linked on FreeBSD. His reason to do this is two-fold. One is to give better support for PAM and NSS in the base system. The second is to save some disk space. Currently (on his x86 box), /bin and /sbin are 32 MB. With a dynamically linked root (and some pruning of some binaries), the /bin, /lib, and /sbin come out to 6.1 MB. This should be great for people with 2.x and 3.x era root partitions that are only about 50 MB. Gordon says that there will be a performance hit associated with this. He did a quick measurement at boot and his boot time (from invocation of /etc/rc to the login prompt) went from 12 seconds with a static root to 15 seconds with a dynamic root."

12 of 112 comments (clear)

  1. Re:bad bad bad by Nizzt · · Score: 5, Informative

    Thats why the librarys are in /lib not /usr/lib

  2. Re:bad bad bad by cperciva · · Score: 5, Informative

    it will also make it impossible to recover a server if you accidentally delete /usr

    No. The libraries used by stuff in /bin and /sbin are being moved into /lib, so everything which is being changed from static to dynamic will still work even if /usr is gone.

    Also note that /rescue is still static (and crunched).

    --
    Tarsnap: Online backups for the truly paranoid
  3. Re:bad bad bad by jkujawa · · Score: 2, Informative

    The point of static binaries in /bin and /sbin is not only being able to mount /usr of a file server, but also being able to recover if you kill ld.so.

  4. Re:bad bad bad by Anonymous Coward · · Score: 2, Informative

    not only will this affect performance, but it will also make it impossible to recover a server if you accidentally delete /usr,

    Only if you do something stupid, like put critical system libs into /usr. The binaries in /bin and /sbin shouldn't rely on anything in /usr, only libraries in /lib.

  5. Re:bad bad bad by Anonymous Coward · · Score: 1, Informative

    Why would you kill ld.so? You might as well argue that statically linked binaries aren't suitable either, because you can accidentally kill the actual executables themselves.

  6. Re:25% by Anonymous Coward · · Score: 2, Informative

    This is just an option. The default way is still via static binaries.

    This won't change for some time (wheather it will change at all still has to be discussed).

  7. good and bad here by josepha48 · · Score: 4, Informative
    This is good in the case of people who want to run a system off a cdrom or floppy or flash memory. On a cdrom you don't need to worry about deleteing /usr cause it should be burned into the cdrom. Also any partitions that you need end up in ram / memory disks. /dev is a good example of a ram disk. By having a smaller /bin and /sbin one can suddenly have nice small routers / gateways using freebsd, instead of Linux.

    I'd imagine that if NetBSD and OpenBSD don't already have this ability it will be a matter of time as the BSD's share much between each other. Just look at the realpath vulnerability that they all were affected by.

    --

    Only 'flamers' flame!
    Does slashdot hate my posts?

    1. Re:good and bad here by vesamies · · Score: 3, Informative

      NetBSD is also using dynamic /bin, /sbin, not sure what OpenBSD is doing. This is not much of an ability since /usr/bin, /usr/sbin have always been dynamic, now everything is dynamic. Well, looks like everyone has all-dynamic system now, which is good.

    2. Re:good and bad here by MobyTurbo · · Score: 2, Informative
      I'd imagine that if NetBSD and OpenBSD don't already have this ability it will be a matter of time as the BSD's share much between each other.
      NetBSD has had dynamic root (with /rescue, etc.) in -current for months. :-)
    3. Re:good and bad here by JDizzy · · Score: 2, Informative

      I'd imagine that if NetBSD and OpenBSD don't already have this ability it will be a matter of time as the BSD's share much between each other.

      Silly didn't you know that FreeBSD is stealling this from NetBSD's dynamic world? Well they are. FreeBSD has also taken the idea of a /rescue incase one of the libs that is dynamicly linked by (say init) is damaged. This was also a NetBSD idea. I guess that leaves OpenBSD to make the changes, but they probably think dynamic bins is insecure or some shit because an attacker would simply replace a lib that contains harmfull code-fu.

      --
      It isn't a lie if you belive it.
  8. Re:bad bad bad by shlong · · Score: 4, Informative

    " not only will this affect performance, but it will also make it impossible to recover a server if you accidentally delete /usr,"

    What wasn't mentioned in the write-up is that /rescue contains statically-link versions of the tools that one would need to recover from problems. It might not be able to recover a deleted filesystem, but if you're trouncing careless around like that then there are plenty of other ways to shoot your feet off too.

    --
    Cat, the other, tastier white meat.
  9. Re:bad bad bad by R.Caley · · Score: 2, Informative
    Screw /usr. I still want to know how to recover the server after I accidentally deleted / last week...

    Stick in the fixit cdrom.

    You do keep a copy of /etc somewhere don't you?

    --
    _O_
    .|<     The named which can be named is not the true named