Full Disclosure mailing list archives
sandboxing
From: silvio () big net au (silvio () big net au)
Date: Sun, 15 Sep 2002 15:58:11 -0700
ok.. so like.. this is old hat, but it's never been talked about a lot I s'pose.. i have mentioned it a few times before.. but oh well

LD_PRELOAD is a poor man's sandbox when you think about it in terms of analysing a binary.

because.. a binary that runs knows about all the shared libraries involved. look at the link map list.. you can just count them, and if you have too many.. something is whack.

if your forensics guy is smart, he won't use an env variable for LD_PRELOAD, but more like /etc/ld.so.preload - but doesn't matter since everything is available anyway.

** ok.. quick comment.. who the hell uses libpcap in multithreaded code? i think they may have by now (or never) made it MT safe..

--
Silvio
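The link-map check described in the post, written out as an added example (not code from the original message): the process finds the loader's r_debug through its own DT_DEBUG entry and walks the link map, so a library brought in by either LD_PRELOAD or /etc/ld.so.preload shows up as an extra object. The allowlist and the names is_expected and scan_link_map are assumptions for illustration, and a dynamically linked ELF binary on Linux is assumed.

```c
#include <link.h>    /* ElfW, struct r_debug, struct link_map, DT_* tags */
#include <stdio.h>
#include <string.h>

extern ElfW(Dyn) _DYNAMIC[];   /* this program's own dynamic section */

/* Assumed allowlist: basename prefixes this program expects in its link map. */
static const char *expected[] = { "linux-vdso", "linux-gate", "libc.", "ld-linux", "ld-musl", NULL };

/* 1 if expected: main program (empty name) or allowlisted basename (full paths are not checked). */
int is_expected(const char *path) {
    if (path == NULL || path[0] == '\0') return 1;
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    for (int i = 0; expected[i]; i++)
        if (strncmp(base, expected[i], strlen(expected[i])) == 0) return 1;
    return 0;
}

/* Locate the loader's r_debug through the DT_DEBUG entry the loader fills in at startup. */
static struct r_debug *find_r_debug(void) {
    for (ElfW(Dyn) *d = _DYNAMIC; d->d_tag != DT_NULL; d++)
        if (d->d_tag == DT_DEBUG) return (struct r_debug *)d->d_un.d_ptr;
    return NULL;
}

/* Walk the link map; store the total object count and return how many are unexpected. */
int scan_link_map(int *total) {
    int unexpected = 0;
    struct r_debug *dbg = find_r_debug();
    *total = 0;
    for (struct link_map *m = dbg ? dbg->r_map : NULL; m; m = m->l_next) {
        (*total)++;
        if (!is_expected(m->l_name)) {
            unexpected++;
            fprintf(stderr, "unexpected object in link map: %s\n", m->l_name);
        }
    }
    return unexpected;
}

int main(void) {
    int total;
    int bad = scan_link_map(&total);
    printf("%d objects in link map, %d unexpected\n", total, bad);
    return bad ? 1 : 0;
}
```

Run once normally and once with LD_PRELOAD pointing at any shared object to see the extra entry reported.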