Linux Today: Linux News On Internet Time.

Linux.com: Introduction to snoopy

Jan 08, 2001, 20:58
(Other stories by Marius Aamodt Eriksen)

"In modern UNIX operating systems, two core components come to mind: the kernel and the c library (libc). Together, they help perform the most important tasks of the operating system. The c library, through its system call wrappers and other functions, acts as a front end to many functions that reside in the kernel. For example, printing something on screen can be done via the c library call printf(). In this case, printf() is the interface provided by the c library, which in turn formats the string to be printed and tells the kernel, via system calls, to perform the actual printing on the screen, since it is the kernel that ultimately has control over the hardware (since modern UNIX kernels run in protected mode)."

"Most executables, for a number of reasons, are linked dynamically. That is to say, functionality in the common libraries such as libc isn't compiled into the executables. That functionality is rather referred to shared libraries present in a system. These libraries, called shared libraries, are common to most incarnations of the operating systems. Shared libraries are also often available as separate pieces of software."

"The component of the UNIX operating systems that makes this possible is the dynamic linker and loader (commonly called "ld.so"). It is responsible for the determination of which shared libraries are needed as well as the loading of those libraries and referencing them to virtual addresses addressable by the executable itself...."

"Although shared libraries present many advantages, they also have their disadvantages. One obvious point of failure of the system would be if the shared libraries are exploitable. Hence, the shared libraries must be trusted. If they are not, the system's security is fully up to that of the shared library. For example, consider an untrusted or exploited version of the c library. It has a version of the commonly used 'printf' function that not only carries out the tasks of the real printf, but in addition has a go at the filesystem, doing something similar to 'rm -rf /' when it is being called as root. This can be potentially disastrous. The first root user to come along could potentially ruin the system."
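The excerpt's point is that an executable trusts whatever ld.so resolves for it, so a defender wants to know which shared libraries a binary asks for before it runs. The following added example (not code from the article or from the snoopy project) does the first part of ld.so's job statically: it parses the `.dynamic` section of a 64-bit little-endian ELF image, lists its `DT_NEEDED` entries, reports any `DT_RPATH`/`DT_RUNPATH` search paths, and flags needed libraries outside a trusted set. The `build_sample_elf` fixture, the library names and the `/tmp/lib` path are constructed for the demonstration and are not from the page.

```python
import struct

# ELF constants from the ELF specification (64-bit, little-endian only here).
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
SHT_STRTAB = 3
SHT_DYNAMIC = 6
DT_NULL, DT_NEEDED, DT_RPATH, DT_RUNPATH = 0, 1, 15, 29


def _cstr(blob, off):
    """Read a NUL-terminated string from a string table."""
    return blob[off:blob.index(b"\x00", off)].decode()


def needed_libraries(elf):
    """Return (DT_NEEDED names, DT_RPATH/DT_RUNPATH values) of an ELF64 LE image.

    This is the static view ld.so starts from; the run-time search path and
    preload mechanisms can still change what actually gets loaded.
    """
    if elf[:4] != ELF_MAGIC or elf[4] != ELFCLASS64:
        raise ValueError("not a 64-bit ELF image")
    (e_shoff,) = struct.unpack_from("<Q", elf, 0x28)           # section header table offset
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 0x3A)
    sections = []
    for i in range(e_shnum):
        # Elf64_Shdr prefix: name, type, flags, addr, offset, size, link
        _, sh_type, _, _, sh_off, sh_size, sh_link = struct.unpack_from(
            "<IIQQQQI", elf, e_shoff + i * e_shentsize)
        sections.append((sh_type, sh_off, sh_size, sh_link))
    needed, rpaths = [], []
    for sh_type, sh_off, sh_size, sh_link in sections:
        if sh_type != SHT_DYNAMIC:
            continue
        str_type, str_off, str_size, _ = sections[sh_link]   # sh_link -> .dynstr
        if str_type != SHT_STRTAB:
            raise ValueError("dynamic section does not link to a string table")
        strtab = elf[str_off:str_off + str_size]
        for pos in range(sh_off, sh_off + sh_size, 16):       # Elf64_Dyn is 16 bytes
            d_tag, d_val = struct.unpack_from("<qQ", elf, pos)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_NEEDED:
                needed.append(_cstr(strtab, d_val))
            elif d_tag in (DT_RPATH, DT_RUNPATH):
                rpaths.append(_cstr(strtab, d_val))
    return needed, rpaths


def untrusted_libraries(elf, trusted):
    """Needed libraries not in the trusted set, plus any embedded search paths."""
    needed, rpaths = needed_libraries(elf)
    return [n for n in needed if n not in trusted], rpaths


def build_sample_elf(needed, runpath=None):
    """Constructed fixture: a minimal ELF64 image with only .dynstr and .dynamic.

    Not a runnable program; it exists so the parser can be exercised offline.
    """
    strtab, offsets = b"\x00", []
    for name in needed:
        offsets.append(len(strtab))
        strtab += name.encode() + b"\x00"
    dyn = b"".join(struct.pack("<qQ", DT_NEEDED, off) for off in offsets)
    if runpath is not None:
        dyn += struct.pack("<qQ", DT_RUNPATH, len(strtab))
        strtab += runpath.encode() + b"\x00"
    dyn += struct.pack("<qQ", DT_NULL, 0)
    strtab_off = 64                      # right after the ELF header
    dyn_off = strtab_off + len(strtab)
    shoff = dyn_off + len(dyn)

    def shdr(typ, off, size, link, entsize):
        return struct.pack("<IIQQQQIIQQ", 0, typ, 0, 0, off, size, link, 0, 1, entsize)

    shdrs = (shdr(0, 0, 0, 0, 0)
             + shdr(SHT_STRTAB, strtab_off, len(strtab), 0, 0)
             + shdr(SHT_DYNAMIC, dyn_off, len(dyn), 1, 16))
    e_ident = ELF_MAGIC + bytes([ELFCLASS64, 1, 1, 0]) + b"\x00" * 8
    # type=ET_EXEC, machine=x86-64, version, entry, phoff, shoff, flags,
    # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, shoff, 0,
                                 64, 0, 0, 64, 3, 0)
    return ehdr + strtab + dyn + shdrs


if __name__ == "__main__":
    sample = build_sample_elf(["libc.so.6", "libexample.so.1"], runpath="/tmp/lib")
    print(untrusted_libraries(sample, {"libc.so.6"}))
```

Pointing `needed_libraries` at a real file (`open(path, "rb").read()`) gives the same information `ldd`-style tooling shows, but without executing the binary or the dynamic linker; an unexpected library name or a writable `DT_RUNPATH` directory is exactly the kind of finding that should prompt verifying the library against a known-good copy before the program runs as root.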
