>>> >>> the sysadmin sets LD_PRELOAD to /lib/libunlinkwrapper.so which >>> overrides the unlink() system call to add logging. >>> >>> now a nasty user wants to delete a file using unlink() (though she >>> could use others to change the content of the file) without being >>> traced by the sysadmin. to achieve this she could execute: >>> LD_PRELOAD= rm <important_file> Can pre-loading such object files to override system calls (I think it's called library interspersing or something...) be done on executables with setuid bit set? (example: ping/su, etc...) -- Vimal -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ