prelink: is it worth it?
mattdm at mattdm.org
Thu Jul 9 14:32:01 UTC 2009
Apparently there was some fun with prelink breaking everything in rawhide
recently: <https://bugzilla.redhat.com/show_bug.cgi?id=509655>. I didn't
notice, because like Pete Zaitcev says in the comments, removing prelink is
one of the first things I do.

I see it as adding unnecessary complexity and fragility, and it makes
forensic verification difficult. Binaries can't be verified without being
modified, which is far from ideal. And the error about dependencies having
changed since prelinking is disturbingly frequent.

On the other hand, smart people have worked on it. It's very likely that
those smart people know things I don't. I can't find any good numbers
anywhere demonstrating the concrete benefits provided by prelink. Is there
data out there? Pretty charts and graphs would be nice. The only things I've
been able to find are old and not very impressive:

Even assuming a benefit, the price may not be worth it. SELinux gives a
definite performance hit, but it's widely accepted as being part of the
price to pay for added security. Enabling prelink seems to fall on the other
side of the line. What's the justification?
Matthew Miller <mattdm at mattdm.org>
Senior Systems Architect
Computing & Information Technology
Harvard School of Engineering & Applied Sciences