provide some strong warnings about dlopen

author deraadt <deraadt@openbsd.org>

Sat, 26 Aug 2023 01:38:28 +0000 (01:38 +0000)

committer deraadt <deraadt@openbsd.org>

Sat, 26 Aug 2023 01:38:28 +0000 (01:38 +0000)
author deraadt <deraadt@openbsd.org>
Sat, 26 Aug 2023 01:38:28 +0000 (01:38 +0000)
committer deraadt <deraadt@openbsd.org>
Sat, 26 Aug 2023 01:38:28 +0000 (01:38 +0000)
diff --git a/share/man/man3/dlfcn.3 b/share/man/man3/dlfcn.3

index 9ffa6b8..b839597 100644 (file)
--- a/share/man/man3/dlfcn.3
+++ b/share/man/man3/dlfcn.3
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: dlfcn.3,v 1.34 2022/12/13 02:50:01 guenther Exp $
+.\"    $OpenBSD: dlfcn.3,v 1.35 2023/08/26 01:38:28 deraadt Exp $
  .\"    $NetBSD: dlfcn.3,v 1.3 1996/01/09 19:43:34 pk Exp $
  .\"
  .\" Copyright (c) 1995 Paul Kranenburg
@@ -29,7 +29,7 @@
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
-.Dd $Mdocdate: December 13 2022 $
+.Dd $Mdocdate: August 26 2023 $
  .Dt DLOPEN 3
  .Os
  .Sh NAME
@@ -305,3 +305,9 @@ being returned.
  Some of the
  .Nm dl*
  functions first appeared in SunOS 4.
+.Sh CAVEATS
+Loading untrustworthy libraries into the process's address space with
+.Nm dlopen
+is very dangerous because system-dependent initialization steps occur
+including the calling of constructor functions, even if the library
+is otherwise unused.
author	deraadt <deraadt@openbsd.org>
	Sat, 26 Aug 2023 01:38:28 +0000 (01:38 +0000)
committer	deraadt <deraadt@openbsd.org>
	Sat, 26 Aug 2023 01:38:28 +0000 (01:38 +0000)