On Tue, Nov 11, 2008 at 3:56 PM, sandeep lahane <sandeep.lahane@xxxxxxxxx> wrote: > On Tue, Nov 11, 2008 at 3:34 PM, Matthias Kaehlcke > <matthias@xxxxxxxxxxxx> wrote: >> El Tue, Nov 11, 2008 at 02:29:34PM +0530 sandeep lahane ha dit: >> >>> Can you elaborate a little please? >> >> the sysadmin sets LD_PRELOAD to /lib/libunlinkwrapper.so which >> overrides the unlink() system call to add logging. >> >> now a nasty user wants to delete a file using unlink() (though she >> could use others to change the content of the file) without being >> traced by the sysadmin. to achieve this she could execute: >> LD_PRELOAD= rm <important_file> >> >> as LD_PRELOAD has been reset the overriden unlink() function of >> /lib/libunlinkwrapper.so would not be called >> >> -- >> Matthias Kaehlcke >> Embedded Linux Engineer >> Barcelona >> >> Ma patrie est où je suis, où personne ne me dérange, où personne >> ne me demande que je suis, d'où je viens et ce que je fais >> (B. Traven) >> .''`. >> using free software / Debian GNU/Linux | http://debian.org : :' : >> `. `'` >> gpg --keyserver pgp.mit.edu --recv-keys 47D8E5D4 `- >> > > > Got your point. > But IMHO, the order in which libs are preloaded matters i.e. if unlink > is wrapped in two libs good.so and bad.so > and good.so is preloaded earlier, say in ld.so.preload, and bad.so is > preloaded later on, unlink in good.so will be > called first. If this is correct then, it's just matter of who gets to > the machine first and preloads his/her lib. > > I think if this care is taken then, OPs problem is easier to solve. > -- > Regards, > Sandeep. > Off course, above argument holds true if LD_PRELOAD or ld.so.preload settings are not overwritten completely. -- Regards, Sandeep. -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ