Re: System call hooking in 2.6 kernel..

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>
>>> the sysadmin sets LD_PRELOAD to /lib/libunlinkwrapper.so which
>>> overrides the unlink() system call to add logging.
>>>
>>> now a nasty user wants to delete a file using unlink() (though she
>>> could use others to change the content of the file) without being
>>> traced by the sysadmin. to achieve this she could execute:
>>> LD_PRELOAD= rm <important_file>

Can pre-loading such object files to override system calls (I think
it's called library interspersing or something...) be done on
executables with setuid bit set? (example: ping/su, etc...)

-- 
Vimal

--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ


[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux