LD_PRELOAD attack
Alexander W. Janssen
yalla at fsfe.org
Wed Jun 11 21:37:15 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
michael graffam schrieb:
> Not a real solution, because if LD_PRELOAD is already set, then the
> shell you type unset into might be overloaded as we'll, already.
OK, that was new to me. I checked it with some simple tests [1] and
you're absolutely right. Unsetting doesn't help.
> Manually walking the environment pointer reveals it, of course.
Still not sure, what you're meaning?
But still: The LD_PRELOAD-thing is so fundamental - if you are not in
control of your running shell, you have a problem anyway. I don't think
it's up to gnupg to solve that problem.
It can't even - except static linking with puts you straight into
dependency-hell.
Alex.
[1] - some simple LD_PRELOAD tests: https://pastebin.ynfonatic.de/152
> On 6/11/08, Alexander W. Janssen <yalla at fsfe.org> wrote:
> michael graffam schrieb:
>>>> Thoughts?
> Run "unset LD_PRELOAD" before running gnupg if you don't trust the system?
>
> It's an inherent feature of the loader. Compiling everthing statically
> only works around this inherent feature/problem, however you call it.
> And it wouldn't prevent any other keyloggers or flaws in drivers.
>
> Just my 2c though.
>
>>>> -M
> Alex.
>
>>
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQCVAwUBSFApaRYlVVSQ3uFxAQKnegP+M3XVbameZXPcP1eL/3IaPoGcSLU3tzzT
Apq5C3emiE1trRzFDsTOkUr6XtgYeF2Y3TTwQZE8yYh9eV4YCs99xtG16ucFq09I
h0aYMT7+HWiyUah/aSo6OqHTiRPABlJGwS13vk6J9hEnj67OH/2EWVGQQfsrlz/m
yS9jgsJ1Gcw=
=IiKv
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list