[Dev] Tizen 3.0 proposal for applications launch

Carsten Haitzler c.haitzler at samsung.com
Thu Oct 17 02:57:19 GMT 2013


On 10/17/2013 12:06 AM, Schaufler, Casey wrote:
>
> But don't you have those same problems with a launcher? The launcher 
> pre-links
>

i never said i like the launcher either. :) i hate it. but it does speed 
things up. :)

> everything so the application doesn't get slowed by doing so. If you 
> change a library the launcher needs to do the relinking. Granted, 
> that's one place so it's a little bit better.
>
> And let's be clear. On a deployed phone, how often are you changing 
> system libraries in an API incompatible way? Dynamic libraries are a 
> boon for developers. For product they add unnecessary overhead and 
> precious little else.
>

its not a matter of being incompatible at all. if the memory address 
where a function is located chances at all (code is inserter or removed 
from the binary, re-ordered etc.), as long as the abi stays (at LEAST 
the same set of symbols as before with the same signatures for 
arguments), then its compatible - but prelink makes any change in 
address location an incompatible change. any change that could be a 
security fix could break prelink (unless re-prelinked).

and as for "unnecessary overhead" - i will have to vehemently disagree. 
if we just dumped shared libs entirely and statically linked 
everything... our memory footrpint AND disk footprint would bloat out 
immensely - but 10's or 100's of mb. we ALREADY are rather bloated in 
tizen. a tizen mobile memory footrpint is between 2 to 5 TIMES that of 
my own laptops/systems (give or take similar functionality ballpark). 
statically linking everything will bloat out our i/o needs as we cant 
re-cycle an already-loaded blob of shared code. we duplicate the memory 
for it AND the i/o to load it. not to mention "if there is a bug in a 
shared lib - security or otherwise, fix it once in one place and 
everyone gets the fix". if we statically compile ONLY those that 
re-build/link and re-ship their apps will get the fix. this is a major 
problem for security and bugfix update distribution to users - it 
massively bloats out the time and bandwidth needed to do it. :)

as a security guy you should also be concerned with prelink negating 
address space randomization... :)

>
>
>       
>
>       
>
>     See
>
>     http://www.macieira.org/blog/2012/01/sorry-state-of-dynamic-libraries-on-linux/
>
>     http://www.macieira.org/blog/2012/01/update-and-benchmark-on-the-dynamic-library-proposals/
>
>
>
>
>     _______________________________________________
>
>     Dev mailing list
>
>     Dev at lists.tizen.org  <mailto:Dev at lists.tizen.org>
>
>     https://lists.tizen.org/listinfo/dev
>
>
>
> -- 
> The above message is intended solely for the named addressee and may
> contain trade secret, industrial technology or privileged and
> confidential information otherwise protected under applicable law
> including the Unfair Competition Prevention and Trade Secret Protection
> Act. Any unauthorized dissemination, distribution, copying or use of the
> information contained in this communication is strictly prohibited. If
> you have received this communication in error, please notify the sender
> by email and delete this communication immediately.

-- 
The above message is intended solely for the named addressee and may
contain trade secret, industrial technology or privileged and
confidential information otherwise protected under applicable law
including the Unfair Competition Prevention and Trade Secret Protection
Act. Any unauthorized dissemination, distribution, copying or use of the
information contained in this communication is strictly prohibited. If
you have received this communication in error, please notify the sender
by email and delete this communication immediately.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tizen.org/pipermail/dev/attachments/20131017/a8d9cfe4/attachment-0001.html>


More information about the Dev mailing list