From ecd4c29c2aef8c3bd36136a0509144d9ef12016f Mon Sep 17 00:00:00 2001 From: Alexey Milovidov Date: Sat, 17 Sep 2022 03:55:39 +0200 Subject: [PATCH] Forbid invocations of dlopen --- programs/main.cpp | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/programs/main.cpp b/programs/main.cpp index fef0ad688e2..cc21015f5a7 100644 --- a/programs/main.cpp +++ b/programs/main.cpp @@ -402,6 +402,36 @@ void checkHarmfulEnvironmentVariables(char ** argv) } +/// Don't allow dlopen in the main ClickHouse binary, because it is harmful and insecure. +/// We don't use it. But it can be used by some libraries for implementation of "plugins". +/// We absolutely discourage the ancient technique of loading +/// 3rd-party uncontrolled dangerous libraries into the process address space, +/// because it is insane. + +extern "C" +{ + void * dlopen(const char *, int) + { + return nullptr; + } + + void * dlmopen(long, const char *, int) + { + return nullptr; + } + + int dlclose(void *) + { + return 0; + } + + const char * dlerror() + { + return "ClickHouse does not allow dynamic library loading"; + } +} + + /// This allows to implement assert to forbid initialization of a class in static constructors. /// Usage: ///