I meant the easy way of replacing a shared lib (no need to be root): > LD_LIBRARY_PATH=/path/to/modified/shared/lib:$LD_LIBRARY_PATH > my_tool Am 20.06.2016 um 17:25 schrieb Ken Goldman: > Just one opinion: If your attacker can replace the libraries, they > have root access. They can hook into the keyboard, replace your > application, etc. If they have root access, you've already lost. > > OTOH, static link means that your application won't automatically get > security updates. > > On 6/20/2016 11:05 AM, Mirko Fit wrote: >> >> I've got some questions on the shared build of openssl. >> Is it safe to use the shared libraries libssl.so and libcrypto.so? >> Couldn't the shared libs be replaced by manipulated ones that intercept >> my calls and steal the passwords? >> I was wondering why every linux distrubutions comes with these shared >> libs if the scenario I described was possible. >> >> Thanks, >> Mirko >> > >
