[Cryptography] Are dynamic libs compatible with security? was: Apple and OpenSSL

Bear bear at sonic.net
Sat Apr 19 19:50:21 EDT 2014

I have to say the OpenSSL guys really and truly had a point when they 
pointed out that dynamic linking is not fully or easily compatible 
with the goal of security libraries.  

Inconvenient as it was for Apple (and inconvenient as it is for others) 
we really shouldn't be relying on dynamic linking to load security 
modules.  Remember, in security we're in the business of guaranteeing 
that things we haven't quite planned for do *NOT* happen.  Dynamic
linking is a great way to get things to happen even though you haven't
quite planned for them.  In fact that's its main selling point; dynamic
linking means you automatically link to versions of the libraries other
than the ones you had available when you shipped, even if they contain 
code you don't quite know about and haven't quite planned for.  We 
assume this new code is better in the usual case; but in trying to 
secure systems against attacks, we should be regarding that new code 
as an attack vector and assuming that it is written by Shaitan.

The other mindset, where we're busily trying to get good things 
we haven't quite planned for to happen, values the hell out of 
dynamically linking to new bug fixes.  But in security we have to look 
at it from the POV of professionals in the art of being certain that 
bad things (like dynamically linking to new bugs!) do NOT happen, 
and I simply do not see that as being compatible with dynamically 
linking to, and therefore trusting, newly updated code sight unseen.

The other thing about dynamic linking is that from the POV of the 
people who are updating the code that you're linking to, YOUR software
is at least possibly an unknown quantity.  They probably haven't tested 
with it unless yours is one of the four or five best-known applications
that uses their stuff.  Even if the update isn't part of an attack and 
isn't written by Shaitan, it's a bit much to trust that your usage 
pattern which worked with the previous release absolutely is guaranteed
not to expose a flaw in the current release.  Hard linking guarantees 
that *somebody* tests the library together with the product before the 
new behavior created by their combination is unleashed on the public.

Is this something that Apple can explain to its users?  I don't know.
Apple has a history of cultivating a user culture that puts a negative 
value on complex technical explanations, and makes a point of not 
requiring them to sit through those, so it really was sort of between 
a rock and a hard place there.  To some extent though, everybody with 
a modern user community that expects everything to work the same way 
faces the same problem.  

More information about the cryptography mailing list