Subject: Re: RFC: migration to a fully dynamically linked system
To: None <email@example.com>
From: John Darrow <John.P.Darrow@wheaton.edu>
Date: 12/21/2001 18:31:06
Greg A. Woods <firstname.lastname@example.org> wrote:
>[ On Friday, December 21, 2001 at 17:36:47 (-0600), John Darrow wrote: ]
>> Subject: Re: RFC: migration to a fully dynamically linked system
>> 2. There are times when it is useful for a program, whether statically
>> or dynamically linked itself, to (optionally) load pieces of code, etc.
>> from shared objects. This is the functionality currently provided to
>> dynamically linked programs by dlopen(), but missing in statically
>> linked programs.
>I do not agree. Any program which really needs the ability to load,
>even optionally, any additional code after having started, can always be
>dynamically linked. This is the only way to even come close to
>preserving the integrity of the unix process security model.
You keep claiming this as a fact, but truthfully, it is an administrative
policy issue, not a technical issue. At most, it only applies to
programs which are statically linked specifically for security reasons
(e.g. to avoid LD_PRELOAD-type attacks), not to statically-linked
programs in general.
>Furthermore I do not like the idea of ever allowing dlopen() to load any
>library that might also be statically linked.
Whether or not you like the idea is irrelevant. The fact that shared
libraries can depend on other shared libraries makes it a necessity in
any complete solution (e.g. one which allows a program to contain both
statically-linked pieces of libraries and potential for dynamic loading.)
John Darrow - Senior Technical Specialist Office: 630/752-5201
Computing Services, Wheaton College, Wheaton, IL 60187 Fax: 630/752-5968
Pager via email: email@example.com Pager: 630/316-0707
Email: John.P.Darrow@wheaton.edu (plain text please, no HTML or proprietary)