[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

prelink: is it worth it?

Apparently there was some fun with prelink breaking everything in rawhide
recently: <https://bugzilla.redhat.com/show_bug.cgi?id=509655>. I didn't
notice, because like Pete Zaitcev says in the comments, removing prelink is
one of the first things I do.

I see it as adding unnecessary complexity and fragility, and it makes
forensic verification difficult. Binaries can't be verified without being
modified, which is far from ideal. And the error about dependencies having
changed since prelinking is disturbingly frequent.

On the other hand, smart people have worked on it. It's very likely that
those smart people know things I don't. I can't find any good numbers
anywhere demonstrating the concrete benefits provided by prelink. Is there
data out there? Pretty charts and graphs would be nice. The only things I've
been able to find are old and not very impressive:


Even assuming a benefit, the price may not be worth it. SELinux gives a
definite performance hit, but it's widely accepted as being part of the
price to pay for added security. Enabling prelink seems to fall on the other
side of the line. What's the justification?

Matthew Miller <mattdm mattdm org>
Senior Systems Architect 
Cyberinfrastructure Labs
Computing & Information Technology 
Harvard School of Engineering & Applied Sciences

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]