Greg A. Woods <woods@weird.com> wrote:
>[ On Friday, December 21, 2001 at 17:36:47 (-0600), John Darrow wrote: ]
>> Subject: Re: RFC: migration to a fully dynamically linked system
>>
>> 2. There are times when it is useful for a program, whether statically
>> or dynamically linked itself, to (optionally) load pieces of code, etc.
>> from shared objects.  This is the functionality currently provided to
>> dynamically linked programs by dlopen(), but missing in statically
>> linked programs.
>
>I do not agree.  Any program which really needs the ability to load,
>even optionally, any additional code after having started, can always be
>dynamically linked.  This is the only way to even come close to
>preserving the integrity of the unix process security model.

You keep claiming this as a fact, but truthfully, it is an administrative
policy issue, not a technical issue.  At most, it only applies to
programs which are statically linked specifically for security reasons
(e.g. to avoid LD_PRELOAD-type attacks), not to statically-linked
programs in general.

>Furthermore I do not like the idea of ever allowing dlopen() to load any
>library that might also be statically linked.

Whether or not you like the idea is irrelevant.  The fact that shared
libraries can depend on other shared libraries makes it a necessity in
any complete solution (e.g. one which allows a program to contain both
statically-linked pieces of libraries and potential for dynamic loading.)

jdarrow

-- 
John Darrow - Senior Technical Specialist               Office: 630/752-5201
Computing Services, Wheaton College, Wheaton, IL 60187  Fax:    630/752-5968
Pager via email: 6303160707@alphapage.airtouch.com      Pager:  630/316-0707
Email: John.P.Darrow@wheaton.edu (plain text please, no HTML or proprietary)