LD_PRELOAD attack

michael graffam michael.graffam at gmail.com
Wed Jun 11 20:03:47 CEST 2008


How does "physical security" have anything to do with env vars?

I'm not asking for gnupg programmers to try and thwart hardware keyloggers.

But just like we ask our software to do the Right Thing with respect
to say, defeating buffer overflows, it would be nice to do the Right
Thing and check environment sanity.

-M



On 6/11/08, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
> michael graffam wrote:
>> Has anyone read the article in the most recent 2600 regarding using
>> LD_PRELOAD to eavesdrop on gnupg?
>
> My reaction to it has been to yawn.
>
> If you don't have physical security on your machine, you don't have any
> electronic security worth talking about.  We've known this for decades
> now.  This is just another example of what happens when people think
> they can have electronic security without physical control over the
> hardware.
>
>
>

-- 
Sent from Gmail for mobile | mobile.google.com



More information about the Gnupg-users mailing list