Date: Fri, 30 Dec 2011 18:46:53 +0200 From: Kostik Belousov <kostikbel@gmail.com> To: Poul-Henning Kamp <phk@phk.freebsd.dk> Cc: kan@freebsd.org, Dag-Erling Sm??rgrav <des@des.no>, Xin LI <delphij@gmail.com>, arch@freebsd.org Subject: Re: fdlopen(3) Message-ID: <20111230164653.GQ50300@deviant.kiev.zoral.com.ua> In-Reply-To: <29241.1325260839@critter.freebsd.dk> References: <20111230142640.GO50300@deviant.kiev.zoral.com.ua> <29241.1325260839@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
--JIZzZL2Ew2M9i6mq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 30, 2011 at 04:00:39PM +0000, Poul-Henning Kamp wrote: > In message <20111230142640.GO50300@deviant.kiev.zoral.com.ua>, Kostik Bel= ousov=20 > writes: >=20 > >Presented use case for fdlopen(3) is valid and useful IMO. >=20 > I agree, I even have a similar use-case in Varnish. >=20 > Has anybody racked their brains to make sure this doesn't have security > implications ? I am wondering what kind of security consequences you have in mind ? My initial concern with the patch was the lack of the name supplied for the loaded dso. But, the rtld already adds DT_SONAME to the names of the object, and later it checks for duplicates using vnode identity returned by fstat(2), so I removed the name argument from API. --JIZzZL2Ew2M9i6mq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk796v0ACgkQC3+MBN1Mb4g8UQCglkXyv0/QLWbQqkumCNGImiHo 5LYAoJBgMhb7R8U9I0n+709OzlLCxwCj =U4Bd -----END PGP SIGNATURE----- --JIZzZL2Ew2M9i6mq--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111230164653.GQ50300>