Subj : [$] Identifying dependencies used via dlopen()
To   : All
From : LWN.net
Date : Tue Apr 16 2024 21:00:05

[$] Identifying dependencies used via dlopen()

Date:
Tue, 16 Apr 2024 19:54:38 +0000

Description:
The recent XZ backdoor has sparked a lot of discussion about how the 
open-source
community links and packages software. One possible
security improvement being discussed
is changing how
projects like systemd link to dynamic libraries that are only used for
optional functionality: using dlopen() to load those libraries only
when required. This could
shrink the attack surface exposed by dependencies, but the approach is not
without downsides  most prominently, it makes discovering which dynamic
libraries a program depends on harder.
On April 11, Lennart Poettering proposed one way to eliminate that problem in 
a systemd RFC on GitHub .

======================================================================
Link to news story:
https://lwn.net/Articles/969908/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.