The Gateway to Computer Science Excellence
+4 votes
197 views
"Dynamic linking can cause security concerns as till run time path for searching dynamic library is not known."

Can someone explain this in his own and simple words?
in Operating System by Junior (559 points) | 197 views

3 Answers

+4 votes

If path of libraries are known already, i.e., at compiler time then OS knows the specific memory locations it will have to go and it won't be dealing with other unknown locations. Now in dynamic linking since the path is not known at compile time, there is a risk that a process might try to access unwanted memory locations during linking. That's why dynamic linking is less secure and needs to be handled carefully by the OS.

You can comment on the answers here for more insight:

https://gateoverflow.in/850/gate2002-2-20

by Loyal (5.4k points)
+1 vote

loading:- bringing the program secondary memory to main memory is colled loading.

STATIC LOADING:- loading the entire program into memory befor start of program execution is called static loading. for static loading static linking is used.

DYNAMIC LOADING ;- loading the program into memory on demand (during the execution) then it is called dynamic linking . for dynamic loading dynamic linking is used.

SO in dynamic linking searching dynamic libraries is not known till run time becz program is loaded on demand.so it is more secure.

but in case od static linking  libraries are known till run time. becz program is loaded befour execution so it is less secure

by Boss (36.5k points)
+1 vote

How security can be compromised?

When an application dynamically loads a dynamic-link library without specifying a fully qualified path name, Windows attempts to locate the DLL by searching a well-defined set of directories in a particular order, as described in Dynamic-Link Library Search Order. If an attacker gains control of one of the directories on the DLL search path, it can place a malicious copy of the DLL in that directory. This is sometimes called a DLL preloading attack or a binary planting attack. If the system does not find a legitimate copy of the DLL before it searches the compromised directory, it loads the malicious DLL. If the application is running with administrator privileges, the attacker may succeed in local privilege elevation.

For example, suppose an application is designed to load a DLL from the user's current directory and fail gracefully if the DLL is not found. The application calls LoadLibrary with just the name of the DLL, which causes the system to search for the DLL. Assuming safe DLL search mode is enabled and the application is not using an alternate search order, the system searches directories in the following order:

  1. The directory from which the application loaded.
  2. The system directory.
  3. The 16-bit system directory.
  4. The Windows directory.
  5. The current directory.
  6. The directories that are listed in the PATH environment variable.

Continuing the example, an attacker with knowledge of the application gains control of the current directory and places a malicious copy of the DLL in that directory. When the application issues the LoadLibrary call, the system searches for the DLL, finds the malicious copy of the DLL in the current directory and loads it. The malicious copy of the DLL then runs within the application and gains the privileges of the user.

Source: https://msdn.microsoft.com/en-us/library/windows/desktop/ff919712(v=vs.85).aspx

Why bother using dynamic linking then?

Static linking is the result of the linker copying all library routines used in the program into the executable image. This may require more disk space and memory than dynamic linking

Source: https://kb.iu.edu/d/akqn

by Boss (11.5k points)
edited by
Quick search syntax
tags tag:apple
author user:martin
title title:apple
content content:apple
exclude -tag:apple
force match +apple
views views:100
score score:10
answers answers:2
is accepted isaccepted:true
is closed isclosed:true
50,737 questions
57,291 answers
198,210 comments
104,900 users