If you try to implement a PAM module (pam_foo) which
uses dlopen to load an additional shared library, then
symbols (of pam_foo) are not known to this loaded
shared library.
If you pass an additional RTLD_GLOBAL to the dlopen
function, then the problem disappears.
I don't know if it is a big security risk to pass the
RTLD_GLOBAL to the dlopen (IMHO not).
Logged In: YES
user_id=27418
It's not strictly a security problem, but why does the
object you're dlopening() from within a module need access
to symbols from the caller? This is almost always a sign of
poor library design.
Logged In: YES
user_id=1142
The problem is that you don't know from which
module the function is called; it could also be
a function with the same name from another
module.
Since we don't have a clean namespace for modules
and most modules export more functions than necessary,
we should not do this or we can get very bad side effects,
if PAM modules call the wrong functions.