Let's say my piece of code scans a directory ./plugins and loads .dlls / .so files using a well-known symbol (here, "function") to extend its functionality, for example:
main.c
#include <stdlib.h>
#include <dirent.h>
#include <limits.h>   /* PATH_MAX */
#include <string.h>
#include <stdio.h>
#include <dlfcn.h>

int
main(void)
{
    DIR *dir;
    struct dirent *entry;

    dir = opendir("./plugins");
    if (dir == NULL)
        return -1;
    while ((entry = readdir(dir)) != NULL)
    {
        void *handle;
        char path[PATH_MAX];
        int (*function)(char *);
        int length;

        /* Only consider entries whose name contains ".so" */
        if (strstr(entry->d_name, ".so") == NULL)
            continue;
        /* Build the path inside ./plugins; skip names that do not fit */
        length = snprintf(path, sizeof(path), "./plugins/%s", entry->d_name);
        if (length < 0 || (size_t) length >= sizeof(path))
            continue;
        /* Load the shared object; nothing checks who put it there */
        handle = dlopen(path, RTLD_LAZY);
        if (handle == NULL)
            continue;
        /* Look up the well-known symbol and call it */
        function = (int (*)(char *)) dlsym(handle, "function");
        if (function != NULL)
            fprintf(stdout, "function: %d\n", function("example"));
        else
            fprintf(stderr, "symbol-not-found: %s\n", entry->d_name);
        dlclose(handle);
    }
    closedir(dir);
    return 0;
}
This can lead to a serious security issue. If my application runs as root or has administrator rights, any unprivileged attacker can execute code as a privileged user by creating a shared object containing a function named after the well-known symbol (here, function).
What can I do to protect my plugins folder? How can I check if downloadable shared objects are safe?
This is a continuation of this issue.
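One defensive check for the loader in the question, as an added example that is not part of the original post: before loading, require that the plugin directory and the plugin file are owned by a trusted user and are not writable by group or others, and keep the verified file descriptor so the checked file cannot be swapped. The names open_trusted_plugin and plugin_fd_path are hypothetical, and the code assumes Linux (POSIX.1-2008 open flags and /proc).

```c
#define _GNU_SOURCE /* O_DIRECTORY, O_NOFOLLOW, O_CLOEXEC, openat */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the object is owned by trusted_uid and neither group nor
 * others can write to it, 0 otherwise. */
static int owner_only_writable(const struct stat *st, uid_t trusted_uid)
{
    return st->st_uid == trusted_uid && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Hypothetical helper: open dir/name only if both pass the ownership
 * and mode check. Symlinks are refused (O_NOFOLLOW) and the checks run
 * on the open descriptors, not on path names. Returns an fd or -1. */
int open_trusted_plugin(const char *dir, const char *name, uid_t trusted_uid)
{
    struct stat st;
    int dfd, fd;

    if (strchr(name, '/') != NULL) /* entry names never contain '/' */
        return -1;
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    if (fstat(dfd, &st) != 0 || !owner_only_writable(&st, trusted_uid)) {
        close(dfd);
        return -1;
    }
    fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    close(dfd);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)
        || !owner_only_writable(&st, trusted_uid)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Linux-specific: path naming the already-verified fd, for dlopen(). */
int plugin_fd_path(int fd, char *buf, size_t size)
{
    int n = snprintf(buf, size, "/proc/self/fd/%d", fd);
    return (n > 0 && (size_t) n < size) ? 0 : -1;
}
```

The loader would pass the path from plugin_fd_path() to dlopen() instead of the directory entry's name, with trusted_uid set to 0 for a root service, so the file that was checked is the file that gets loaded. Every ancestor directory of the plugins folder needs the same ownership and mode, and this check says nothing about the content of a plugin that a trusted user installed.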