Hello, I have recently written a paper on a new technique that enables UNIX parasites to greatly expand their functionality. UNIX parasites have been recently recognized as a threat, but very little public work has been addressed to parasitic techniques. Without a clear understanding of the capabilities of this emerging threat, how can the security industry hope to adequately defend the Internet? This paper goes some step towards revealing an extremely powerful parasite technique that will hopefully awaken the world to the potential of UNIX parasites. Using this technique, developed into a methodology within the paper, it is extremely simple to create parasites with potent payloads. These parasites can be used to backdoor processes, or binaries, presenting a clear and present danger to the integrity of UNIX systems. A mechanism for subverting a process is about to be made public, so I shall refrain from discussing it further. This paper is availble in pdf from: http://hcunix.7350.org/grugq/doc/subversiveld.pdf "Development of feature rich Unix parasites has been severely limited by the inability to reliably access functions external to the host file. Until now, it has been accepted as fact that utilizing libraries from within parasite code is a prohibitively complex task. We explore the dynamic linking mechan- isms of the Executable and Linkable Format (ELF), and how these mechanisms can be bypassed or hijacked to allow parasite code access to shared objects. We demonstrate that it is not only possible, but also relatively simple, to load libraries and resolve symbols using a methodology developed within this paper. This methodology is simple to implement and can be utilized on any modern Unix supporting both the ELF and the /proc file system. Implementations of this methodology are presented for each of three popular Unix variants: Linux, FreeBSD and Solaris." peace, grugq [ grugq@hcunix.org ] [Begin shameless self-promotion] p.s. If you can offer me a job in the computer security field in either the UK or Europe, please let me know. [End shameless self-promotion]
