Shamar: "@wolf480pl@mstdn.io Dynamic linking is what made…" - Qoto Mastodon

Dec 26, 2021, 15:51

Wolf480pl @wolf480pl@mstdn.io

@njoseph_1 such are the shortcomings of static linking

Shamar @Shamar@qoto.org

Dynamic linking is what made #log4shell possible in the first place.

But... what's log4j2?

Dec 26, 2021, 17:18 · · · ·

Dec 26, 2021, 18:43

Shamar @Shamar@qoto.org

@wolf480pl @njoseph_1

Nevermind, I'm too tired.

Didn't realize the 2 was referring to the log4j version.

Dec 26, 2021, 20:15

Wolf480pl @wolf480pl@mstdn.io

@Shamar @njoseph_1
Yes, but not all vulns are caused by dynamic linking. However all of them are fixed by updating the buggy code. If that requires rebuilding every binary (or a fat jar, or a docker image - all equivalents of a binary on different levels of abstraction), it makes the process slower and more laborious.

Sign in to participate in the conversation