security of static linking

[Mohsen A. Momeni]

Hi,
Does it have any difference in security, whether to compile a function
as a static lib and link it with a program or just add the function to
the source?
In other words, suppose we have two files, func.c containing a
function which is called in main and main.c containing the main
function. what is the difference when we link func.o with main.o to
make a binary, with linking func.lib with main.o to make the binary,
concerning security issues?

Regards,

 

[Thad Smith]

Does it have any difference in security, whether to compile a function
as a static lib and link it with a program or just add the function to
the source?
In other words, suppose we have two files, func.c containing a
function which is called in main and main.c containing the main
function. what is the difference when we link func.o with main.o to
make a binary, with linking func.lib with main.o to make the binary,
concerning security issues?

This is not a C language issue, per se.

[OT]
The biggest difference, I think, is the certainty of knowing that the
correct version of the specified function is linked. Using a library
means knowing that the version in the library file is the one you
expect. Possible failures are due to

1) modifying the function source and not updating the library
2) modifying the function source, updating the library, then linking
with the wrong version of the library
3) having someone alter the library file behind your bank.

Recompiling the and directly linking the source eliminates problems 1
and 2. Your source could still be modified behind your back, but that
would be relatively easier to detect on inspection.

Verified digital signatures or secure hash values can be used to help
verify copies of the various files.
[/OT]

 

[Tor Rustad]

Hi,
Does it have any difference in security, whether to compile a function
as a static lib and link it with a program or just add the function to
the source?

It depends.

In other words, suppose we have two files, func.c containing a
function which is called in main and main.c containing the main
function. what is the difference when we link func.o with main.o to
make a binary, with linking func.lib with main.o to make the binary,
concerning security issues?

In high security environment, we MAC or digitally sign the module,
beforehand. Hence, only modules which has been certified, can be
dynamically loaded. So, if I write new firmware for a cryptographic
blackboks, I need to send the code away for audit, compiling and
signing, else the boot software (of the blackboks) will reject the
firmware to be loaded.

In a low-security environment... well who care? A trick I have used to
reverse-engineer modules, is to write a spy module, which has identical
interface and name as the genuine library, and if I place the spy module
in the current dir, it will load before the genuine library.... if that
is searched before the other paths.

Hence, such a spy module can intercept and log every call made, and
change the calls on the fly...