Autor: Peter Galbavy Data: Para: Sean Witham, Exim Users Mailing List Assunto: Re: [Exim] Exim and IBM DB2
> > However dlopen() is permanently available in the running program. > > New code can be loaded at any time. That's its purpose after all,
> > but it's also its downfall when it comes to privileged programs.
> > Leaving a privileged program free to load new code again at any
> > time after its execution is very nearly equivalent to a buffer
> > overflow. It makes many otherwise unexploitable vulnerabilities
> > much easier to exploit (you probably still have to get the code
> > into the host system's filesystem namespace, so maybe it isn't
> > always remotely exploitable)....
>
> Yes new code can be loaded at any time, as apoosed to just init time.
> Which mean YES you do re-introduce all the same risks that the
> programmers of ld.so had to face to the programmers (programmer) of
> exim.
Sorry to come into this out of place, but I mass deleted all my old exim
list mail.
Having dl_open() afailable is much like having exec() available. A program
does not have to be compromised with dynamic code, when a new static binary
would have the same effect. Hence the argument for denying dynamic loading
is bovine poo.
The mechanism, OTOH, for configuring what to load and when - now that is
important to protect.