On 11.4.2014 19:42, Schaufler, Casey wrote:
No. Libraries are not security elements in a Linux system. There is nothing you can do in a library that you can't do directly in the client code. There is no way for Cynara to tell if the application is lying to it. You can certainly add Cynara calls to a library, but it is pointless because any denial can be circumvented.
One way to work around this is do it like we do in gSSO for method plugins. Each plugin is loaded by a loader binary as a separate process and library calls are translated over IPC.
This way the library doesn't run within the same process context, but is still as easy to implement as a library.
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
