* Lennart Poettering: > On Sa, 30.03.24 18:56, Fedora Development ML (devel@xxxxxxxxxxxxxxxxxxxxxxx) wrote: > >> > In systemd git main, libsystemd is only linked to libc, libcap, >> > and libgcrypt + libgpg-error. A pull request to convert that that last >> > pair to dlopen is under review. >> >> That helps somewhat (it would have prevented this backdoor from working), >> but it also makes things even less transparent: How do we know whether some >> random sd_foobarify() function or some random foobard linked against >> libsystemd will (always or ever (and when?)) end up dlopening liblzma or >> not? >> >> Distribution packagers tend to dislike dlopen due to the hidden dependencies >> it introduces. > > Well, this is certainly a valid point, but the solution is not to make > all deps hard ones. Instead, in order to just make these deps visible > I see multiple better alternatives: > > 1. teach Linux/ELF something inspired by MacOS's weak deps. i.e. allow > ELF programs declare that some symbols shall be backed by some lib, > but make it a weak dep that is only resolved on demand, and > gracefully is set to NULL if the library cannot be found. If we had > that, we'd stop using dlopen() for systemd's deps, since all we do > is basically reimplement this concept manually. How exactly is this implemented? Is the object loaded on the first function call? I'd be worried that this made initialization even more complicated than it is today. Loading the object unconditionally (prior to the function call) doesn't make a difference for objects which are always installed on the system. They would always be loaded. Thanks, Florian -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
