Let’s say I have a process “A” that loads a dynamic library “L”.
Q: Is there a way to disable access to the “exec” functions to functions inside “L”?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Let’s say I have a process “A” that loads a dynamic library “L”.
Q: Is there a way to disable access to the “exec” functions to functions inside “L”?
The dynamic library shares the same process space as the calling application, so it’s definitely not easy (and I think not possible, without also denying it to your application). If you can wrap the library in a separate application, then AppArmor or SELinux may help, but in general: why are you loading an untrusted library into your application?
You may also find that looking into how Chromium deals with sandboxing is helpful.