LD_PRELOAD attack

michael graffam michael.graffam at gmail.com
Wed Jun 11 18:58:48 CEST 2008


Not a real solution, because if LD_PRELOAD is already set, then the
shell you type unset into might be overloaded as well, already.

You can't trust strcmp() or getenv() either, since the preloaded lib
could be hooking them on you.

I was able to write a stealthed lib which successfully hides itself
from calls to getenv, and ignores attempts to unset env vars.

Manually walking the environment pointer reveals it, of course.



On 6/11/08, Alexander W. Janssen <yalla at fsfe.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> michael graffam schrieb:
>> Thoughts?
>
> Run "unset LD_PRELOAD" before running gnupg if you don't trust the system?
>
> It's an inherent feature of the loader. Compiling everything statically
> only works around this inherent feature/problem, however you call it.
> And it wouldn't prevent any other keyloggers or flaws in drivers.
>
> Just my 2c though.
>
>> -M
>
> Alex.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

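The "walk the environment pointer" check from the post above, as an added example that is not code from the thread or from GnuPG: it scans environ directly with a hand-rolled comparison instead of calling getenv()/strcmp(), and reports when the raw walk and getenv() disagree. The sample environment and the /tmp/hypothetical.so path are constructed for the demonstration.

```c
/* Added example: detect an LD_PRELOAD entry by reading the raw environment
 * array rather than trusting getenv()/strcmp(), which a preloaded library
 * could hook. Defensive check only. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Hand-rolled "does entry start with NAME=" so no libc string call is used. */
static const char *match_entry(const char *entry, const char *name)
{
    while (*name != '\0') {
        if (*entry != *name)
            return NULL;
        entry++;
        name++;
    }
    return (*entry == '=') ? entry + 1 : NULL;   /* rejects LD_PRELOAD_X */
}

/* Walk envp directly; returns the value after '=' or NULL if absent. */
const char *env_lookup_direct(char *const *envp, const char *name)
{
    for (size_t i = 0; envp != NULL && envp[i] != NULL; i++) {
        const char *val = match_entry(envp[i], name);
        if (val != NULL)
            return val;
    }
    return NULL;
}

/* Cross-check: 1 if the raw walk of environ sees NAME but getenv() denies it. */
int env_var_hidden_from_getenv(const char *name)
{
    return env_lookup_direct(environ, name) != NULL && getenv(name) == NULL;
}

/* Constructed sample environment; the decoy exercises the prefix check. */
static char *const sample_env[] = {
    "HOME=/home/user",
    "LD_PRELOAD_X=decoy",
    "LD_PRELOAD=/tmp/hypothetical.so",   /* constructed, hypothetical path */
    NULL
};

const char *demo_sample_lookup(void) { return env_lookup_direct(sample_env, "LD_PRELOAD"); }

int main(void)
{
    printf("LD_PRELOAD (raw walk of sample) = %s\n", demo_sample_lookup());
    printf("LD_PRELOAD hidden from getenv in this process: %d\n",
           env_var_hidden_from_getenv("LD_PRELOAD"));
    return 0;
}
```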


