Security of Linux and Unix Dynamic Link Libraries

Source: Internet
Author: User

Practically every program depends on libraries. On most modern Unix-like systems, including Linux, programs are by default compiled to use dynamically linked libraries (DLLs). This lets you update a library and, where possible, have every program that uses it pick up the new (hopefully improved) version.

Dynamically linked libraries are usually stored in a few special directories. Normally these are /lib, /usr/lib, /lib/security (for PAM modules), /usr/X11R6/lib (for X-windows) and /usr/local/lib.

There are special conventions for naming libraries and for the symbolic links to them, so that a library can be updated while programs that need an older, backward-incompatible version keep working. When running a particular program you can override a specified library, or even override a specified function in a specific library. This is a practical advantage of Unix-like systems over Windows-like systems. I believe that Unix-like systems have a better mechanism for handling library updates, which is also why Unix and Linux systems are considered more stable than Windows-based systems.

On GNU glibc-based systems, which include all Linux systems, the list of directories searched automatically when a program starts is stored in the file /etc/ld.so.conf. Many Red Hat-derived distributions do not include /usr/local/lib in /etc/ld.so.conf. I think this is a bug. Adding /usr/local/lib to /etc/ld.so.conf is a common "fix" needed to run many programs on Red Hat-derived systems.

If you want to override only a few functions in a library and keep the rest of it, enter the names of the overriding object (.o) files in /etc/ld.so.preload; these "preloaded" libraries take precedence over the standard set. This preload file is typically used for emergency patches; a distribution usually does not ship such a file.

Searching all of these directories every time a program starts would take too long, so a cache is used instead. By default the program ldconfig(8) reads /etc/ld.so.conf, creates the appropriate symbolic links in the dynamic link directories (so that they follow the standard conventions), and then writes a cache to /etc/ld.so.cache for other programs to use. So ldconfig must be run whenever a DLL is added, a DLL is removed, or the set of DLL directories changes; running ldconfig is usually one of the steps performed by package managers. At start-up, a program's dynamic loader reads /etc/ld.so.cache and then loads the libraries the program needs.

Various environment variables control this process, and in fact some of them let you override it (so that, for example, you can temporarily substitute a different library for one particular run). On Linux, the environment variable LD_LIBRARY_PATH is a colon-separated list of directories that are searched before the standard set; this is useful when debugging a new library or using a non-standard library for a special purpose. The variable LD_PRELOAD lists object files whose functions override the standard set, just as /etc/ld.so.preload does.
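The directory list and preload file described above can be checked with a small script. This is an added example, not code from the original text; it assumes a glibc-style ld.so.conf (with ldconfig's "include" syntax) and a POSIX find, and takes the file paths as parameters rather than fixing them to /etc so that the checks can be run against constructed copies.

```shell
#!/bin/sh
# Added example (not from the original text). ldso_dirs resolves the directory
# list that an ld.so.conf-style file describes, following "include" lines the
# way ldconfig does; audit_ldso then flags list entries a non-root user could
# write to (they could supply a library to every program that loads from there)
# and reports any entries in the preload file. Paths are parameters so the
# checks can be run against constructed copies of the files.

# Print the directories listed in a ld.so.conf-style file, one per line.
ldso_dirs() {
    local conf="$1" word rest pat f
    [ -r "$conf" ] || return 0
    while read -r word rest || [ -n "$word" ]; do
        case "$word" in ''|'#'*) continue ;; esac     # blank or comment line
        if [ "$word" = include ]; then
            set -f                                    # split $rest without globbing
            for pat in $rest; do
                set +f
                # a relative include pattern is relative to the conf file's directory
                case "$pat" in /*) ;; *) pat="$(dirname "$conf")/$pat" ;; esac
                for f in $pat; do [ -f "$f" ] && ldso_dirs "$f"; done
                set -f
            done
            set +f
        else
            printf '%s\n' "$word"                     # first token only, as ldconfig does
        fi
    done < "$conf"
}

# Print one finding per line (MISSING, NOTROOT, WRITABLE, PRELOAD);
# return 1 if there was at least one finding.
audit_ldso() {
    local conf="$1" preload="$2" d rest found=0
    for d in $(ldso_dirs "$conf"); do
        if [ ! -d "$d" ]; then echo "MISSING $d"; found=1; continue; fi
        [ -n "$(find "$d" -prune ! -user root)" ] && { echo "NOTROOT $d"; found=1; }
        [ -n "$(find "$d" -prune -perm -002)" ] && { echo "WRITABLE $d"; found=1; }
    done
    if [ -s "$preload" ]; then                        # normally absent on a fresh install
        while read -r d rest || [ -n "$d" ]; do
            case "$d" in ''|'#'*) continue ;; esac
            echo "PRELOAD $d"; found=1
        done < "$preload"
    fi
    return $found
}

# Run against the live glibc locations named in the text: sh audit.sh --run
[ "${1:-}" = --run ] && audit_ldso /etc/ld.so.conf /etc/ld.so.preload
```

A NOTROOT or WRITABLE finding means someone other than root controls a directory that every dynamically linked program searches, which is exactly the trust problem the environment variables above can otherwise only create for a single run.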

Letting users control dynamically linked libraries would be disastrous for setuid/setgid programs if no special measures were taken. Therefore, in the GNU glibc implementation, if the program is setuid or setgid these variables (and other similar variables) are ignored or greatly limited in what they can do. The GNU glibc library checks the program's credentials: if the uid and euid differ, or the gid and egid differ, the library presumes that the program is setuid/setgid (or descended from one) and greatly limits its ability to control linking. You can see this if you load the GNU glibc sources; look especially at the files elf/rtld.c and sysdeps/generic/dl-sysdep.c. This means that if you make the uid and gid equal to the euid and egid and then call the program, these variables will have full effect. Other Unix-like systems handle the situation differently, but for the same reason: a setuid/setgid program should not be unduly affected by the environment variables set.
