Forbid invocations of dlopen

2024-11-21 07:01:59 +00:00 · 2022-09-17 03:55:39 +02:00 · 2022-09-17 03:55:39 +02:00 · ecd4c29c2a
commit ecd4c29c2a
parent 31ebd34f5b
1 changed files with 30 additions and 0 deletions
--- a/programs/main.cpp
+++ b/programs/main.cpp
@ -402,6 +402,36 @@ void checkHarmfulEnvironmentVariables(char ** argv)
 }


+/// Don't allow dlopen in the main ClickHouse binary, because it is harmful and insecure.
+/// We don't use it. But it can be used by some libraries for implementation of "plugins".
+/// We absolutely discourage the ancient technique of loading
+/// 3rd-party uncontrolled dangerous libraries into the process address space,
+/// because it is insane.
+
+extern "C"
+{
+    void * dlopen(const char *, int)
+    {
+        return nullptr;
+    }
+
+    void * dlmopen(long, const char *, int)
+    {
+        return nullptr;
+    }
+
+    int dlclose(void *)
+    {
+        return 0;
+    }
+
+    const char * dlerror()
+    {
+        return "ClickHouse does not allow dynamic library loading";
+    }
+}
+
+
 /// This allows to implement assert to forbid initialization of a class in static constructors.
 /// Usage:
 ///