LD_PRELOAD attack
Alexander W. Janssen
yalla at fsfe.org
Wed Jun 11 19:05:22 CEST 2008
michael graffam wrote:
> Not a real solution, because if LD_PRELOAD is already set, then the
> shell you type unset into might be overloaded as well, already.
Now that's very true; but still my opinion is that if you can't trust
the system on which you're working, I wouldn't dare to use gnupg anyway.
Sure, you could link everything statically to gnupg, but that'd make
maintenance very very hard. For every revision of a dependent lib you'd
need to adapt code, ship new source, recompile or ship new binaries.
Dependency hell.
Though a smartcard might help there...
> Manually walking the environment pointer reveals it, of course.
Not exactly sure what you mean there?
Alex.
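Added example, not part of the original message or of GnuPG: one reading of "manually walking the environment pointer" from the quoted text, in C. It scans `environ` directly instead of calling getenv(); the function names and the extra variables LD_AUDIT and LD_LIBRARY_PATH are assumptions beyond the thread, which names only LD_PRELOAD.

```c
#include <stddef.h>
#include <stdio.h>
extern char **environ;   /* the process environment pointer */

/* glibc loader variables to look for; the thread names only LD_PRELOAD. */
static const char *const LOADER_VARS[] = {
    "LD_PRELOAD", "LD_AUDIT", "LD_LIBRARY_PATH", NULL
};

/* Value of "NAME=value" if the entry's name is exactly NAME, else NULL.
 * Hand-rolled so that no interposable getenv()/strncmp() is called. */
static const char *match_entry(const char *entry, const char *name)
{
    for (; *name != '\0'; entry++, name++)
        if (*entry != *name)
            return NULL;
    return (*entry == '=') ? entry + 1 : NULL;
}

/* Walk a NULL-terminated envp-style array looking for one variable. */
const char *env_walk(char *const envp[], const char *name)
{
    size_t i;
    for (i = 0; envp != NULL && envp[i] != NULL; i++) {
        const char *value = match_entry(envp[i], name);
        if (value != NULL)
            return value;
    }
    return NULL;
}

/* Count how many of the loader variables are present in envp. */
int count_loader_vars(char *const envp[])
{
    size_t i;
    int hits = 0;
    for (i = 0; LOADER_VARS[i] != NULL; i++)
        hits += env_walk(envp, LOADER_VARS[i]) != NULL;
    return hits;
}

int main(void)
{
    size_t i;
    for (i = 0; LOADER_VARS[i] != NULL; i++) {
        const char *v = env_walk(environ, LOADER_VARS[i]);
        printf("%-16s %s\n", LOADER_VARS[i], v ? v : "(not set)");
    }
    return count_loader_vars(environ) ? 1 : 0;   /* non-zero exit if any is set */
}
```

A clean result is a hint, not proof: a preloaded library's constructor runs before main() and can remove its own variable from the environment.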