libdl, no fdlopen function

connor horman chorman64@gmail.com
Thu Jul 23 01:36:54 GMT 2020


Hello libc-help list,
libdl and <dlfcn.h> provide access to the runtime linker to allow programs
to load new shared objects at runtime. However, it only provides the
capability to load shared objects by name.
The FreeBSD libc provides an fdlopen function (See:
https://www.freebsd.org/cgi/man.cgi?query=fdlopen&sektion=3), which allows
you to open a shared object from a file descriptor. This has numerous
benefits, including the fact that you can test properties on the file
descriptor before loading it as a shared object (for example, you can
validate some signature on the shared object, or, in a privileged process,
check the file permissions to see if it's owned by root + suid). Using
simply dlopen, a program cannot securely do this, as attempts to do so
would be vulnerable to TOCTOU exploits. (On Linux systems with the /proc
filesystem, it is possible to write code that solves this, however it is
entirely a hack.)
I was wondering if there was a reason why glibc does not provide similar
functionality (even behind #define _BSD_SOURCE). It would likely be less
hacky than using the proc filesystem (and less prone to open("/proc",F_OK)
-> EACCES/ENOENT).
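
The /proc workaround mentioned in the message, sketched as an added example (not code from the post, glibc or FreeBSD). `checked_dlopen`, the `load_err` codes and the ownership/mode policy are hypothetical names and assumptions; Linux with /proc mounted is assumed.

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum load_err { LOAD_OK, LOAD_EOPEN, LOAD_ESTAT, LOAD_EPOLICY, LOAD_EDLOPEN };

/* Assumed policy: regular file, owned by trusted_uid, not writable by
 * group or others. Evaluated on the open descriptor, never on the path. */
static int fd_is_trusted(int fd, uid_t trusted_uid, enum load_err *err)
{
    struct stat st;
    if (fstat(fd, &st) != 0) { *err = LOAD_ESTAT; return 0; }
    if (!S_ISREG(st.st_mode) || st.st_uid != trusted_uid ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) { *err = LOAD_EPOLICY; return 0; }
    return 1;
}

/* Hypothetical helper: check the file, then load that same open file. */
void *checked_dlopen(const char *path, uid_t trusted_uid, int flags,
                     enum load_err *err)
{
    char link[64];
    void *handle = NULL;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) { *err = LOAD_EOPEN; return NULL; }
    if (fd_is_trusted(fd, trusted_uid, err)) {
        /* /proc/self/fd/N resolves to the inode behind fd, so renaming or
         * symlink-swapping `path` after the check cannot change what loads. */
        snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
        handle = dlopen(link, flags);
        *err = handle ? LOAD_OK : LOAD_EDLOPEN;
    }
    close(fd); /* mappings created by dlopen outlive the descriptor */
    return handle;
}

int main(int argc, char **argv)
{
    enum load_err err;
    if (argc != 2) return 2;
    void *h = checked_dlopen(argv[1], 0, RTLD_NOW, &err); /* uid 0 = root */
    printf("%s: %s (code %d)\n", argv[1], h ? "loaded" : "rejected", err);
    return h ? 0 : 1;
}
```

Libraries the loaded object depends on are still resolved by name, and anyone with write access to the inode can alter its contents after the check, which is why the assumed policy rejects group- or world-writable files.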

