Application-relevant changes 2025:
Changes of security features
Prevent using RTLD_GLOBAL when loading shared libraries
When loading shared libraries (e.g. ACF or PLM components) the flag RTLD_GLOBAL was used for the dlopen() system call. This causes the symbols of a loaded library to become globally visible and may result in executing an unintended function.
The RTLD_GLOBAL flag is omitted now when loading shared libraries. Compatibility issues are not expected regarding this issue.
Removing unprivileged folders from ld.so.conf
Up to firmware 2024.6, the following folders or entries have been put into the file /etc/ld.so.conf :
/usr/local/lib include /opt/plcnext/appshome/ld.configs/*.conf
This was used to find user programs or *.so files that have dependencies on other *.so files but are not in the system. *.so files integrated into the system in this way are made known system-wide. They could therefore also be loaded by processes running under root privileges by mistake and thus cause all kinds of damage to the system. So that configuration needed to be removed.
From firmware release 2025.0 on, programs and *.so files that have further dependencies but are not present in PLCnext Technology must enter a fixed search path (rpath). This happens at the time of creation (linking) of the program or of the *.so file, or later by using chrpath.
Redesign of remoting to platform and security requirements
Security mechanisms in remoting do not work under all circumstances. In particular, security is restricted if there is more than one process running. From a security point of view, splitting processes is necessary. Firmware 2025.0 contains further preparations for a future splitting into several processes.
The only currently known effect is that multiple remoting sessions (logins) within one TCP connection are no longer possible.
ACF can restrict capabilities and UID/GID of processes
These measures are intended to achieve a better separation of system functions and user applications, so that applications cannot cause any damage to the system:
Up to firmware 2024.6, the entire ARP framework ran within a few processes. In addition, all processes ran with the same rights in the system. For example, an application also received all rights from the user that are actually only required for system functionalities. This needed to be reworked and firmware 2025.0 is prepared for such additional restrictions.
In special cases, authorizations that have been possible for applications before may no longer be available in the system with firmware 2025.0 or newer.
Verification of signed application update containers
PLCnext Engineer Application updates should be protected against modification so that only correctly signed PLCnext Engineer application update containers are accepted. In order to use this feature, users must sign such containers and upload certificates into the Code signing Trust List on the controller via the Security → Certificate management WBM 2 page. Then, in the Security → Project integrity WBM 2 page, the check needs to be enabled and configured.
App part types Linux Daemon and Shared Library
The app part types Linux Daemon and Shared Library are no longer supported. The reason given for this is the security risks that can emanate from these app part types.
Linux Daemon:
The Linux Daemon app part contained in the PLCnext Technology App is integrated into the system by the AppManager in such a way that it is started with root privileges by the initialization system at system startup. Since the AppManager cannot check the Linux Daemon itself, malicious code in the form of processes, one-time programs or scripts can be infiltrated in this way and called or started with root privileges. From firmware 2025.0, the OCI container app part type is supported as a successor.
Shared Library:
The Shared Library app part contained in a PLCnext Technology App is integrated into the system by the AppManager and made known to the entire system by calling ldconfig. The attack vector here is the possibility of replacing existing Shared Libraries app parts with the help of an app, and thus, injecting any programs with manipulated Shared Libraries that potentially contain malicious code without being noticed.