[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: libldap and _r-functions

To: Kurt@OpenLDAP.org
Subject: Re: libldap and _r-functions
From: Luke Howard <lukeh@padl.com>
Date: Wed, 1 Jun 2005 08:56:49 +1000
Cc: rhafer@suse.de, openldap-devel@OpenLDAP.org
Organization: PADL Software Pty Ltd
References: <200505251447.35261.rhafer@suse.de> <6.2.1.2.0.20050525074800.0591bca0@mail.openldap.org> <200505311139.43820.rhafer@suse.de> <6.2.1.2.0.20050531083820.0a79cdf0@mail.openldap.org>
Versions: dmail (bsd44) 2.6d/makemail 2.10

>Simply put, the NSS (and PAM) architecture is problematic in
>that all kinds of code which conflicts with the program can
>be linked in at run time.  The program has little protection
>from the module and the module has little protection from the
>program.  I don't view this as a OpenLDAP-specific problem,
>as there simply is little we can do to prevent program/module
>conflicts at the library level.  (Not to say that we couldn't
>use separate symbols in libldap and libldap_r, but more to
>say that use of separate symbols won't do all that much to
>prevent program/module conflicts that are inherit in the
>NSS (and PAM) architecture).

Probably the only way to avoid conflicts (unfortunately) is to
statically link libldap{_r} into nss_ldap, and ensure that its
symbols are not exported.

Of course, if we had have adopted a client/server architecture
for nss_ldap this could have been avoided...

-- Luke

--

References:
- libldap and _r-functions
  - From: Ralf Haferkamp <rhafer@suse.de>
- Re: libldap and _r-functions
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: libldap and _r-functions
  - From: Ralf Haferkamp <rhafer@suse.de>
- Re: libldap and _r-functions
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: libldap and _r-functions
Index(es):
- Chronological
- Thread