Re: Remote exploitation of network scanners?

[David Wagner <daw () MOZART CS BERKELEY EDU>]

Peter Pentchev  wrote:
> I just had a funny idea - how about a application preloader or something
> that intercepts syscalls and/or library function calls, and when the time
> comes (configurable), drops privileges?  setuid(nobody) and stuff?
>
> Configurable on a per-application basis, as to just when the time has
> come - e.g. after a socket(), or after a bind(), or something like that..
> Has anybody thought along those lines?

Take a look at Janus, which does exactly this.  Yes, system call
interposition is extremely powerful, although the support for it
is awfully clunky/insufficient under many operating systems.

See <http://www.cs.berkeley.edu/~daw/janus/> for experimental code.
Comments, criticisms, and feedback are welcomed.

-- David