Re: System call hooking in 2.6 kernel..

On Tue, Nov 11, 2008 at 02:29:34PM +0530 sandeep lahane wrote:

> Can you elaborate a little please?

the sysadmin sets LD_PRELOAD to /lib/libunlinkwrapper.so which
overrides the unlink() system call to add logging.

now a nasty user wants to delete a file using unlink() (though she
could use others to change the content of the file) without being
traced by the sysadmin. to achieve this she could execute:
LD_PRELOAD= rm <important_file>

as LD_PRELOAD has been reset the overridden unlink() function of
/lib/libunlinkwrapper.so would not be called

-- 
Matthias Kaehlcke
Embedded Linux Engineer
Barcelona

    My homeland is where I am, where nobody disturbs me, where nobody
    asks me who I am, where I come from and what I do
                              (B. Traven)
                                                                 .''`.
    using free software / Debian GNU/Linux | http://debian.org  : :'  :
                                                                `. `'`
gpg --keyserver pgp.mit.edu --recv-keys 47D8E5D4                  `-

--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ


