Dynamic linking is less secure?
-
30-09-2019 - |
Question
I know the difference between static and dynamic linking, and this isn't another question asking for the difference (I have looked and read them). I didn't find any questions about the security of dynamic linking.
I have been reading the book, "Expert C Programming." It has a nice section on linking. If my understanding of it is correct, wouldn't a downside of dynamic linking be less security? If the program relies on the OS to provide a stable and proper library, then there is an opportunity for the libraries on the OS to be infected/malicious. There isn't much a program could do to prevent a tainted library.
Is this right?
Solution
This is true but to replace a DLL with a malicious one, an attacker would have to have write access to the file system. If they have that, then all bets are off - your security is compromised anyway.