Securely loading libraries (Linux)

Now that I’ve said loading libraries in Linux is insecure, let’s just cursorily examine how that is…

I require a digitally signed .so. Being a decent sort of chap, I’ve decided to allow it to exist in a foo.so.signature file, alongside the library foo.so. It means that I don’t need to add it to the binary in another section of the .so. Embedding the signature in a section generally complicates signature checking – you need to check the signature of the binary while excluding the section containing the signature, and that excluded section could itself be a mechanism for getting code into the system. This can be ameliorated by enforcing a size restriction on the signature section, but have you seen some of the code these days? It’s really fricking small.

The standard mechanism for loading foo.so is the dlopen() call. By the time that call returns, any .init section of the library has already been executed. You are pwned.

You need to open() the file and open() the signature, then compare the signature to the content of the file (you can use mmap(MAP_PRIVATE) to ensure that changes to the underlying file do not affect the contents of your memory). Then you re-implement dlopen(), allowing it to take either a file descriptor or a raw handle to memory and a size… it’s your call.
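The verify-then-load sequence just described (open the library and its signature, check the signature over your own copy of the bytes, then load from the verified bytes rather than from the path), as an added C example that is not from the original post. The signature check itself is a caller-supplied `verify_fn` callback (hypothetical, e.g. wrapping an OpenSSL or libsodium verify); the "raw handle to memory" is realised as a sealed memfd that dlopen() is pointed at through /proc/self/fd, so the bytes that were checked are exactly the bytes the loader maps (Linux with memfd_create, glibc 2.27 or later).

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>
/* Caller-supplied signature check (hypothetical; e.g. wrapping an OpenSSL or
 * libsodium verify). Must return 1 only for a valid signature over these exact bytes. */
typedef int (*verify_fn)(const unsigned char *data, size_t len,
                         const unsigned char *sig, size_t siglen);
/* Read a regular file into a heap buffer we own, not a MAP_PRIVATE view: on Linux,
 * later writes to the file can still show through private pages you have not touched. */
static unsigned char *slurp(const char *path, size_t *len) {
    struct stat st; unsigned char *buf = NULL; size_t got = 0; ssize_t n = 1;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return NULL;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (buf = malloc((size_t)st.st_size + 1)))
        while (n > 0 && got < (size_t)st.st_size)
            if ((n = read(fd, buf + got, (size_t)st.st_size - got)) > 0) got += (size_t)n;
    if (buf && got != (size_t)st.st_size) { free(buf); buf = NULL; }  /* short read: reject */
    close(fd); *len = got; return buf;
}
/* Copy verified bytes into a memfd and seal it: no process can alter them afterwards,
 * so the bytes that were checked are exactly the bytes the dynamic loader maps. */
int sealed_memfd(const unsigned char *data, size_t len) {
    int fd = memfd_create("verified-so", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    for (ssize_t n = 1; fd >= 0 && len > 0; data += n, len -= (size_t)n)
        if ((n = write(fd, data, len)) <= 0) { close(fd); return -1; }
    if (fd >= 0 && fcntl(fd, F_ADD_SEALS,
                         F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL) < 0) {
        close(fd); return -1;
    }
    return fd;
}
/* dlopen() replacement: check foo.so against foo.so.signature BEFORE any .init code
 * can run, then load the sealed copy through /proc/self/fd instead of the path. */
void *dlopen_verified(const char *so, const char *sigpath, verify_fn verify, int flags) {
    size_t len = 0, siglen = 0; void *h = NULL; int fd = -1; char p[64];
    unsigned char *img = slurp(so, &len), *sig = slurp(sigpath, &siglen);
    if (img && sig && verify(img, len, sig, siglen) == 1 && (fd = sealed_memfd(img, len)) >= 0) {
        snprintf(p, sizeof p, "/proc/self/fd/%d", fd);
        h = dlopen(p, flags);
        close(fd);  /* the loader keeps its own mapping; drop our descriptor */
    }
    free(img); free(sig);
    return h;
}
```

On glibc older than 2.34 link with -ldl; a rejected or unreadable library returns NULL without any of its code having run.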

Feckers, not making Linux secure by default… oh, wait, this has existed since before Linux…

Security is an ever-developing process. The APIs need to evolve with the threats.