From: Theo Schlossnagle Date: To: Exim Users Mailing List Subject: Re: [Exim] Exim and IBM DB2
On Monday, December 17, 2001, at 01:28 PM, Greg A. Woods wrote:
> The issue of dynamically loaded code, at least in what I imagine is the
> way it might be used in this particular case, isn't a matter of
> convenience, and the risks are very much higher than you make them out
> to be.
Well, I have studied the research and I have bounced the problems off
our operating systems guys (here at Johns Hopkins) and most shared the
sentiment: "Despite the fact that Unix's security model is weak, I trust
dlopen a hell of a lot more than ld.so -- and EVERYONE uses that".
You have an immense amount of control with dlopen() that you don't have
when relying on the system's runtime dynamic linker. It is definitely
possible to write safe code using dlopen(). Setuid binaries (which exim
is) have all sorts of extra precautions built into them on all modern
unices (e.g. Solaris, Linux, *BSD, Irix).
Setuid perl is commonly used. Some operating systems do not support
"safe" shell scripts -- but that is an entirely separate topic. There
are "stupid" things a programmer can do while executing as a privileged
user, but the author of said code is expected not to -- and that is
reasonable. Other than that, they are safe. Perl uses dlopen() more
than any other program I know (for loading XS perl modules).
I trust Exim not to rely on user environment variables any more than it
should -- in other words, I trust exim to be "safe." If I dlopen() some
object on my system, I expect it to be written in the same way --
"safe". This isn't really even compromising security for convenience --
because it is just as safe as the system dynamic linker (and ~0% of
people statically compile Exim).
I trust Philip would research the pros and cons of this technique and
make a judgement call. I also trust that excellent documentation would be
written _clearly_ highlighting any of the pitfalls. These are the
things I have come to rely on from Philip and Exim -- and that is why I
use it :-)
--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7