Re: Dynamic loading of code that is not on a filesystem.
- From: Tauno Voipio <tauno.voipio@xxxxxxxxxxxxx>
- Date: Fri, 24 Feb 2006 14:30:58 GMT
fabrice.gautier@xxxxxxxxx wrote:
I guess I could, except I might not be in control of that.
Even using a temp file, there are some issues: How do you create a temp
file, write the code to it, and execute it, in a secure way.
My manpages tell me the best function to use to create a temp file is
tmpfile(). Unfortunately, tmpfile() doesnt give you the filename so you
cant execv() it.
The next best is mkstemp() which gives you a filename and open the file
with O_EXCL, which means no other process can tamper with it, but this
also mean you cant execve() it before you close it. Also depending of
your libc mkstemp mode is not safe.
Out of curiosity: Could you please tell why?
--
Tauno Voipio
tauno voipio (at) iki fi
.
- References:
- Dynamic loading of code that is not on a filesystem.
- From: fabrice . gautier
- Re: Dynamic loading of code that is not on a filesystem.
- From: "Nils O. Selåsdal"
- Re: Dynamic loading of code that is not on a filesystem.
- From: fabrice . gautier
- Dynamic loading of code that is not on a filesystem.
- Prev by Date: Re: ov518, xawtv and green image
- Next by Date: Re: Trolltech QT license question
- Previous by thread: Re: Dynamic loading of code that is not on a filesystem.
- Next by thread: return the "Processor ID"
- Index(es):
