0

I'm a bit confused by the accesses permissions of a shared library constructor. I understand the constructor is run only once when the library is loaded. My question is one of permissions. If I create a design such that the executable that first loads the library has elevated permissions I assume it can then share those results with that other executable without elevated permissions that simply link to the library. Is this correct?

For instance, suppose in the constructor we read a file and set up a hash table using the values from that file. The file permissions are such that only root can read the file. Once the file is read other programs not running as root that need the values can get them from the hash table.

  1. First executable that loads the shared library runs as root and loads the values.

  2. All other programs that link to the shared library after it is initially loaded get access to the values even if they don't run as root. They get access to the data simply because they are using the shared library in which the initial values are already loaded.

Is this correct?

// pseudo code
// This is called on library load.  
static void foo_constructor( ) __attribute__( ( constructor ) );
void foo_constructor( )
{
    // Read in file with root only permissions and create map table
}

// This can be called by anyone using the shared library
std::map<std::string, std::string>& Foo:getMap()
{
   // Return map
}
sullyt
  • 33
  • 4
  • 1
    It seems that you do not have an accurate impression of how shared libraries work. When one process loads and initializes a shared library it doesn't mean that some other process suddenly finds itself with the same data in its own process space, if it loads the same shared library. Shared libraries don't work this way. – Sam Varshavchik Jul 13 '20 at 17:55
  • My confusion is one with the shared library constructor only. I understand that normally there is no data sharing. However, this post and others indicates that the shared library constructor is run when the library is first _loaded_ https://stackoverflow.com/questions/2053029/how-exactly-does-attribute-constructor-work , not every time a program is mapped to the shared library. So it run only when the dynamic loader loads the library into memory as part of the library initialization. So it seems to indicate the constructor can be used to do special initialization of the static shared data. – sullyt Jul 13 '20 at 18:46
  • https://stackoverflow.com/questions/25539021/is-attribute-constructor-guaranteed-to-be-called-exactly-once – sullyt Jul 14 '20 at 01:06
  • Yes, the first time the shared library is loaded, in the process, it runs the constructor. The first time another process loads the shared library, that constructor also gets run. By ***that*** process. Again: shared libraries don't work the way you think they work. All that "shared" means here, is letting the operating system employ some optimizations to avoid multiple copies of the same code getting repeatedly loaded in memory. But each process that loads the shared library continues to live in its own universe, isolated from other process's universes. Shared libraries don't change that. – Sam Varshavchik Jul 14 '20 at 01:47

0 Answers0