RFE: Portable OpenSSH
Darren Moffat
Darren.Moffat at eng.sun.com
Tue Mar 27 05:31:23 EST 2001
>For a future release of Portable OpenSSH, it would be nice to have a
>./configure option to enable the binaries produced, to be statically
>linked.
Please don't do this, static linking is evil and I really wish it
wasn't supported anymore, see the following list of reasons why:
Issues with static linking
--------------------------
Static linking reduces the overhead when the program is started up, mainly
because relocations and other start-up activities are done at compile time.
However, static linking is generally discouraged. Here are some reasons:
* Static linking prevents libc_psr.so.1 from working for platform
specifics. This library automatically enables dynamically linked
programs from linking in platform specific versions of various
library routines which are optimized for a particular platform.
* Static linking greatly increases working set size and disk footprint.
* Statically linked executables are NOT necessarily binary compatible
between releases.
e.g. statically linked programs that use libsocket will
fail if compiled on 2.5.1 or less and run on 2.6
* Running a static binary compiled on the base could cause a program
to bypass some security checks when running under Trusted Solaris.
This doesn't open a vulnerability but might mean a program won't
get the extra privilege it was configured with.
* Patches to system libraries for bug fixes and performance enhancements
are not automatically picked up by the application. Consider security
fixes to libc not being available to your application.
* Some debugging libraries/tools will fail to work properly.
e.g. malloc debugging.
* Localisation via setlocale(3c) / gettext(3c) is not supported when
libc is statically linked.
When to use static linking
--------------------------
* The binary is critical to system operation when in single user-mode
either for the startup of the OS or for disaster recovery.
* Statically linking a private (internal) library is okay.
Don'ts
------
* Statically link against libc
* Statically link against libdl
--
Darren J Moffat