Subject: Re: Libc and Directory Access
To: None <current-users@NetBSD.org>
From: Greg A. Woods <email@example.com>
Date: 07/18/2003 12:11:45

[ On Friday, July 18, 2003 at 01:36:10 (-0400), Chuck Yerkes wrote: ]
> Subject: Re: Libc and Directory Access
> No dynamic loads, perhaps a shared library, but that's ok.

A shared library (at least in NetBSD) _is_ loaded dynamically: once, at
the start of runtime, by the run-time link editor.

There are at least two major, though strictly only theoretical,
security-related problems with shared libraries: (1) they are
implemented by dynamic loading and thus any dynamically linked program
can then load more shared code at will; (2) they generally load
enormously large libraries containing all kinds of unneeded code. Both
issues are, in theory at least, enormously useful to any attacker who
can foil the program into breaking out of its normal and proper path of
execution.

There's also of course a major performance hit for loading shared
libraries, as dynamic load modules, at the start of every execution of
every process. For the often common situation on many systems where
frequent short-lived processes are the norm this impact is of course far
more serious. For many purposes this performance issue far outweighs
the theoretical security issues of dynamically loaded shared libraries.

Shared libraries as kernel services avoid at least the problem of
leaving around dynamic load ability and a major part of the performance
problems, but of course NetBSD doesn't have those kinds of libraries.

> I find dynamic useful when I don't have, hmmm, THE SOURCES?

All of my systems are migrating to be all static-linked _and_ I've also
removed as much of the bulk of code from places like the nsswitch
routines which is unnecessary for the environments my systems run in (no
NIS, no HESIOD).

Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <firstname.lastname@example.org>
Planix, Inc. <email@example.com> Secrets of the Weird <firstname.lastname@example.org>
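
An added example, not part of the message above: one way to audit which binaries on a system are handed to the run-time link editor at exec time and which are static. It assumes the binaries are ELF (the message does not name an object format); `segment_types`, `linkage` and `sample_image` are hypothetical names, and the sample images are constructed headers, not real programs.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP = 2, 3  # ELF program header types

def segment_types(image):
    """Return the p_type of every program header in an ELF image."""
    if len(image) < 20 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = {1: False, 2: True}.get(image[4])   # EI_CLASS
    endian = {1: "<", 2: ">"}.get(image[5])    # EI_DATA
    if is64 is None or endian is None:
        raise ValueError("bad EI_CLASS or EI_DATA")
    try:
        if is64:   # e_phoff at 32, e_phentsize/e_phnum at 54
            (phoff,) = struct.unpack_from(endian + "Q", image, 32)
            phentsize, phnum = struct.unpack_from(endian + "HH", image, 54)
        else:      # e_phoff at 28, e_phentsize/e_phnum at 42
            (phoff,) = struct.unpack_from(endian + "I", image, 28)
            phentsize, phnum = struct.unpack_from(endian + "HH", image, 42)
        return [struct.unpack_from(endian + "I", image, phoff + i * phentsize)[0]
                for i in range(phnum)]
    except struct.error as exc:
        raise ValueError("truncated ELF image") from exc

def linkage(image):
    types = segment_types(image)
    if PT_INTERP in types:
        return "dynamic"               # names a run-time link editor to start first
    if PT_DYNAMIC in types:
        return "dynamic-section-only"  # e.g. a shared object; no interpreter named
    return "static"                    # no run-time link editor involved at exec

def sample_image(ptypes):
    """Constructed ELF64 little-endian image: file header plus program headers."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                        64, 56, len(ptypes), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                print(path, linkage(fh.read()))
            except ValueError as err:
                print(path, "skipped:", err)
```

Run it with a list of file paths as arguments to get one classification per file; non-ELF files such as scripts are reported as skipped.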