[$] Identifying dependencies used via dlopen()
Date:
Tue, 16 Apr 2024 19:54:38 +0000
Description:
The recent XZ backdoor has sparked a lot of discussion about how the open-source
community links and packages software. One possible
security improvement being discussed
is changing how
projects like systemd link to dynamic libraries that are only used for
optional functionality: using dlopen() to load those libraries only
when required. This could
shrink the attack surface exposed by dependencies, but the approach is not without downsides most prominently, it makes discovering which dynamic libraries a program depends on harder.
On April 11, Lennart Poettering proposed one way to eliminate that problem in a systemd RFC on GitHub .
======================================================================
Link to news story:
https://lwn.net/Articles/969908/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)