Re: Why replacing running executable file is forbidden, but overwriting of memory mapped shared object is allowed ?

On Fri, Nov 10, 2017 at 8:30 AM, Lev Olshvang <levonshe@xxxxxxxxxx> wrote:
> ...
> Besides being a security hole, I do not see any legitimate use except live patching of a shared object.
> I do not know whether a production or mission-critical system may take the risk of live patching, but a development system
> would do a library update by stopping the dependent application first.

Somewhat off-topic, but it may give some perspective...

Microsoft offers hot patching to avoid reboots and downtime. If I
recall correctly, some function calls are padded with no-ops so a jump
can be written in its place.

I think the Microsoft technology to do it is called the Detours
library. It's a neat library even when detached from the hot patching
use case. I used it several years ago to test DLL injections and
spinning up malicious threads to egress data. Also see
https://www.microsoft.com/en-us/research/project/detours/.

Jeff

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies


