Re: monit&dietlibc

monit-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: monit&dietlibc

From:	Christian Hopp
Subject:	Re: monit&dietlibc
Date:	Tue, 12 Aug 2003 22:54:20 +0200 (CEST)

On Tue, 12 Aug 2003, Martin Pala wrote:

> Hi,
>
> i'm personally not interesting for these libraries yet (uClibc,
> dietlibc), so it is not my cup of tea and my +/-0 is here.
>
> The results seems interesting, staticaly linked monit could be very
> useful for security reasons (however because i don't know much about
> these libraries => i don't know how much trustfull these libraries are -
> it is possible that it is not such security advantage). We are now able
> to test security conditions pretty well with permission, checksum, uid
> and gid tests - if monit will be more independent of other "normal"
> applications (and their libc), it could be possible to use it in
> emergency situations for quick security check.
>
> Martin

The first idea of this test was to see how far you could go with
monit.  And the result that monit might only need 200kB on whatever
disk/flash (...) is fascinating.

I think it is actually much easier to check dietlibc/uclibc for
security holes then the bloated glibc.  Anyways, the use of dietlibc
showed up some possible problems which have been fixed (some missing
snprintf...).  The replacement gethostbyname against gethostbyname_r
is still pending.

Furthermore we got more portable for the getloadavg.  That might be
able to compile on more systems in the future.  Just a useful side
effect for this kind sidetracking.

The target of these libs are micro linux boxes in routers or other
embedded systems.  I see a big potential also for monit in these
applications.

Finally application which are directly related to init should be
independent of dynamic libraries (mount problems of nfs share...).
Libc replacements are much easier to handle then glibc.

Christian

-- 
Christian Hopp                                email: address@hidden
Institut für Elektrische Informationstechnik             fon: +49-5323-72-2113
TU Clausthal, Leibnizstr. 28, 38678 Clausthal-Zellerf.   fax: +49-5323-72-3197
                             pgpkey: https://www.iei.tu-clausthal.de/pgp-keys/

[Prev in Thread]

Current Thread

[Next in Thread]

monit&dietlibc, Christian Hopp, 2003/08/12
- Re: monit&dietlibc, Christian Hopp, 2003/08/12
  - Re: monit&dietlibc, Christian Hopp, 2003/08/12
- Re: monit&dietlibc, Martin Pala, 2003/08/12
  - Re: monit&dietlibc, Christian Hopp <=
    - Re: monit&dietlibc, Martin Pala, 2003/08/13
    - Re: monit&dietlibc, Christian Hopp, 2003/08/13
    - Re: monit&dietlibc, Martin Pala, 2003/08/13
    - Re: monit&dietlibc, Jan-Henrik Haukeland, 2003/08/13
    - Re: monit&dietlibc, Martin Pala, 2003/08/13
    - Re: monit&dietlibc, Jan-Henrik Haukeland, 2003/08/13
    - Re: monit&dietlibc, Martin Pala, 2003/08/14
    - Re: monit&dietlibc, Jan-Henrik Haukeland, 2003/08/13
- Re: monit&dietlibc, Christian Hopp, 2003/08/13
  - Re: monit&dietlibc, Jan-Henrik Haukeland, 2003/08/13

Prev by Date: Re: monit&dietlibc
Next by Date: Re: FYI: 4.0 release status
Previous by thread: Re: monit&dietlibc
Next by thread: Re: monit&dietlibc
Index(es):
- Date
- Thread