Bug#391353: [Pkg-aide-maintainers] Bug#391353: aide: Doesn't work suitably on Xen enabled kernel because of statically linked libc

[Marc Haber]

On Fri, Oct 06, 2006 at 12:06:05PM +0200, Raphael Hertzog wrote:
> On Fri, 06 Oct 2006, Marc Haber wrote:
> > > So for etch, the right thing to do might be to provide additionnaly
> > > a binary dynamically linked and to use the dynamic one if you detect
> > > /proc/xen.
> > 
> > I beg to differ. I'll probably make aide bail out if /proc/xen is
> > detected.
> 
> This is the minimum, yes. However I would highly prefer having the
> possibility to run a less secure aide rather than not running it at all.

I feel like a dynamically linked aide is going to provide a false
sense of security.

> > > - either you provide two versions of the binary and you use alternatives
> > >   (or you modify the cron script to detect /proc/xen and to start the
> > >   right binary)
> > 
> > Send a patch, please.
> 
> What patch would you accept? You seem to not want my proposal of providing
> both a dynamicly linked version and a statically linked version...

I don't like the idea but I'd accept such a patch with an
appropriately worded description for the dynamically linked version.
I'd like two .debs to be built though, no idea if ftpmaster would
accept that. Maybe there would be need for an aide-base package.

> > > However it looks like there's no "libc6-xen-dev" to link statically a
> > > xen-enabled libc6...
> > 
> > That would be a libc6 bug.
> 
> Aurelien Jarno told it's very difficult to provide this. There's very
> little chance that you get that for etch.

I don't expect that for etch, we're freezing in like four days.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835