0

Is there any way to load code/libary directly into RAM from the network in c on linux. It is possible in java using URLClassLoader but is there any way to implement the same functionality in c. So far i have found dlopen function in c to load so files, can this function be used to load an so file from the server/network?

Somil
  • 481
  • 3
  • 8
  • Do you have some requirement to not save it to a file first? Because saving it to a temporary file and using dlopen would be really easy. Also note that if you're hoping to keep people's fingers off your code it won't help because they can just attach to your download code and strip off a copy. – Zan Lynx Jul 11 '14 at 11:51
  • Btw on many Linux systems, /tmp is actually a **tmpfs**, so there is no harm in writing to it, plus it's blazing fast. – MightyPork Jul 11 '14 at 11:52
  • @ZanLynx this is the reason I don't want to download it to a temporary file, so that code can be protected. In java the same thing is implemented using the URLClassLoader class without any temporary file. – Somil Jul 11 '14 at 11:53
  • @Somil: My point was that if the person you are trying to keep the code away from is any sort of decent hacker, you can't do it. – Zan Lynx Jul 11 '14 at 11:54
  • 2
    To be honest, I don't think this is a thing a program should do. Are you inventing some kind of trojan or virus? Because for legit programs, this ridiculous secrecy and stealthiness wouldn't be needed. – MightyPork Jul 11 '14 at 11:54
  • @MightyPork No it is not a virus. actually we developing code which will be distributed to our clients. They will run this on their own server. So for security reasons and also for easy code updation we want to achieve this. – Somil Jul 11 '14 at 11:57
  • @MightyPork: Actually I think some game anti-cheating methods work like this. The server periodically changes its encryption methods and downloads a code package to the game client, which handles encryption and also checks for cheats. Since the code changes unpredictably, cheaters are almost always caught. – Zan Lynx Jul 11 '14 at 11:58
  • @MightyPork: Except that the really *good* cheaters write checks into their code to intercept the download, exactly as I said they could do, and disable cheats and hide when a new code package is found. – Zan Lynx Jul 11 '14 at 11:59
  • @MightyPork can we somehow force the temporary files to be only in ram using tmpfs? – Somil Jul 11 '14 at 12:00
  • If you have root access, you could make your own private tmpfs, but it is still accessible as files to the user, you have to mount it - so it's not really a solution for your security concerns. – MightyPork Jul 11 '14 at 12:03
  • You know, I bet that if you wrote the code so that it absolutely never used an external symbol that needed the linker to resolve, and build it with position independent code, you could just copy the function into RAM that you mmap yourself (to set the execute bit) and just call it through a function pointer set to the function's RAM address. – Zan Lynx Jul 11 '14 at 12:04
  • In which way is what you're trying to do a “security feature”? And for the updates: Most Linux distros have tools for doing this like dpkg or rpm. – mafso Jul 11 '14 at 12:10
  • @ZanLynx how can that be done for a library to be used from a server(external ip) – Somil Jul 11 '14 at 12:10
  • @mafso I am aware of the tools but our updates in the code are frequent that is why we want to link the library at the runtime. – Somil Jul 11 '14 at 12:12
  • all I am asking is that is there any way to replicate the functionality of URLClassLoader of java in c – Somil Jul 11 '14 at 12:19
  • What are your security concerns? – mafso Jul 11 '14 at 12:25
  • security concern is that the code binaries should not be stored in hard disk. – Somil Jul 11 '14 at 12:31
  • 1
    Keeping the file off the disk doesn't provide any real security, since an attacker can just dump the process's address space to find the code in RAM. – Wyzard Jul 11 '14 at 12:40
  • @Wyzard I agree on that point but still we want to dynamically load the code from server so that any change in code can be made easily on our server without notifying the clients about it. – Somil Jul 11 '14 at 12:47
  • 2
    So download the code to an `.so` file and `dlopen` it. When a new version is available, download that to another file, `dlclose` and delete the old one, and `dlopen` the new one. – Wyzard Jul 11 '14 at 12:48
  • @Wyzard yeah that is also what I am thinking right now. – Somil Jul 11 '14 at 12:51

0 Answers0