From: Lutz Jaenicke <[EMAIL PROTECTED]> Lutz.Jaenicke> I have not looked into the engine code. It should Lutz.Jaenicke> however be possible to perform some string processing Lutz.Jaenicke> inside OpenSSL to generate the complete pathname. That's something I've thought of, but not in the way you did... Lutz.Jaenicke> Say, you check an environment variable "ENGINE_PATH" Lutz.Jaenicke> and build $ENGINE_PATH/name_of_engine when calling Lutz.Jaenicke> shl_load() Please tell me how $ENGINE_PATH is more secure than $SHLIB_PATH? Lutz.Jaenicke> and/or the application calls some engine_setup(shared_lib_path) Lutz.Jaenicke> and this shared_lib_path is then used when constructing Lutz.Jaenicke> the complete path name to the shared library... The way I was looking at it was that the only secure way would be to have an internal database in each engine, saying in what directories the shared library is usually installed, and simply avoid having options. That's the non-flexible way of handling it, I'm afraid, but the secure way. I get a bit depressed by this total lack of security when loading shared libraries, don't you? -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Software Engineer, Celo Communications: http://www.celocom.com/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: cvs commit: openssl/crypto/dso dso_dl.c
Richard Levitte - VMS Whacker Wed, 08 Nov 2000 01:07:27 -0800
- Re: cvs commit: openssl/crypto/dso dso_dl.c Mixmaster
- Re: cvs commit: openssl/crypto/dso dso_... Ulf Moeller
- Re: cvs commit: openssl/crypto/dso dso_... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/dso dso_... Lutz Jaenicke
- Re: cvs commit: openssl/crypto/dso dso_... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/dso dso_... Lutz Jaenicke
- Re: cvs commit: openssl/crypto/dso dso_... Richard Levitte - VMS Whacker
- Re: cvs commit: openssl/crypto/dso ... Lutz Jaenicke