Hello,
(1) Dynamic linking depends on environment variables to find the dynamic libraries. Static applications are usually linked in a fairly clean environment, especially as compared to whatever happens to be there in a user environment.
How is that a bad thing? Your PATH is an environment variable too. Is that a problem too?
(2) With dynamic linking, one infected library is the same as multiple infected applications. Can you imagine what would happen if an intruder put their own version of libc onto your system?
This is what a lot of people say, but I do not believe this to be an issue, and these are my reasons: Glibc is part of base, which is signed off by a trusted Arch staff member; if you can't trust the Arch staff then you can't use the distro, simple. But even if you did get infected, how? You do not have write permissions to the lib directory; in other words, you would need to have given root permissions to a virus; in other words, you have a lot more to worry about than glibc being infected, your entire system is compromised!!!! So I don't find the entire "Oh the library can be replaced with a malicious one" to be a good reason.
Don't forget that a hacker can always relink a static link, so just because it's bundled doesn't stop relinking of a malicious glibc library. This is also why binaries are owned by root, to stop users from modifying them and injecting malicious code.
TL;DR: in order for this attack to work, they would need root, and if they got root, then you have bigger fish to fry than a malicious library on your system.
Thanks,
--
Polarian
GPG signature: 0770E5312238C760
Website: https://polarian.dev
JID/XMPP: polarian@polarian.dev
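
A defender-side check of the two points argued in this message (loader environment variables, and who can write to the library directories), as an added example that is not part of the original e-mail. The directory list, the function names and the choice of variables to report are assumptions.

```python
import os
import stat

# Variables the glibc dynamic loader honours when locating libraries.
LOADER_ENV_VARS = ("LD_LIBRARY_PATH", "LD_PRELOAD", "LD_AUDIT")
# Assumed default library directories; adjust for the distribution.
DEFAULT_LIB_DIRS = ("/usr/lib", "/usr/lib64", "/lib", "/lib64")


def loader_env_overrides(environ):
    """Return loader-related variables that are set and non-empty."""
    return {k: environ[k] for k in LOADER_ENV_VARS if environ.get(k)}


def modifiable_by_untrusted(path, trusted_uid=0):
    """List reasons why someone other than trusted_uid could modify path."""
    st = os.lstat(path)
    reasons = []
    if st.st_uid != trusted_uid:
        reasons.append(f"owned by uid {st.st_uid}")
    if not stat.S_ISLNK(st.st_mode):  # mode bits on a symlink mean nothing
        if st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
    return reasons


def audit_library_dirs(dirs=DEFAULT_LIB_DIRS, trusted_uid=0):
    """Map each directory or file under dirs to its findings, if any."""
    findings = {}
    for top in dirs:
        if not os.path.isdir(top):
            continue
        for root, _subdirs, files in os.walk(top):
            for path in [root] + [os.path.join(root, f) for f in files]:
                try:
                    reasons = modifiable_by_untrusted(path, trusted_uid)
                except OSError:
                    continue  # entry vanished or is unreadable
                if reasons:
                    findings[path] = reasons
    return findings


if __name__ == "__main__":
    for name, value in loader_env_overrides(os.environ).items():
        print(f"loader override set: {name}={value}")
    for path, reasons in sorted(audit_library_dirs().items()):
        print(f"{path}: {', '.join(reasons)}")
```

An empty report means the library directories can only be changed by root and no loader override is set in the current environment; the group-writable check is conservative and also flags files writable by the root group.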