LD_PRELOAD attack
David Shaw
dshaw at jabberwocky.com
Thu Jun 12 02:57:44 CEST 2008
On Wed, Jun 11, 2008 at 08:11:36PM -0400, Faramir wrote:
> michael graffam wrote:
>
> >> Or turn on typescript by default.
> >
> > Doesn't save GPG passphrases.
>
> Is typescript some sort of keylogger? If it is, I don't see any reason
> why a keylogger can't catch the gpg passphrase (warning: there may be a
> very good reason for that; I'm the one who doesn't see it).
Typescript is sort of an output keylogger. It's mainly used to
produce a "script" of a session. It's true that it doesn't record
passphrases, but you can write a program that does the same thing.
Note, I left out a line of code in the previous example if anyone
wants to try it:
openpty(&master,&slave,NULL,NULL,NULL);
> So, if there is a way to increase security, I, as end user, would
> welcome it. But we need to always keep in mind security is never
> absolute. The only secure computer is the one stored inside a safe.
Defending against LD_PRELOAD doesn't actually make GPG safer overall.
It just makes it more complex.
Incidentally, there is a really easy way to "defend" against
LD_PRELOAD in GPG: just make it setuid root. GPG is smart enough to
see it is setuid root and drop the root privs early, and most dynamic
linkers automatically disable LD_PRELOAD for setuid binaries.
David
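The two mechanisms David mentions, the dynamic linker's secure-execution mode for setuid binaries and a program dropping root early, can be observed from inside a process. The following C program is an added illustration, not code from the thread or from GnuPG; it assumes Linux with glibc, where the kernel sets AT_SECURE in the auxiliary vector for setuid/setgid executables and ld.so then restricts LD_PRELOAD (entries containing a slash are ignored, bare names are loaded only from the standard directories and only if marked setuid-safe, and the variable is scrubbed from the environment before main runs). Two caveats a defender should keep in mind: secure mode restricts LD_PRELOAD rather than wholly disabling it, and making a binary setuid root widens the impact of any bug it hits before the privilege drop, so the drop must happen as early as possible and must be verified.

```c
/* Added example: detect secure-execution mode and drop privileges early.
 * Assumes Linux/glibc (getauxval, AT_SECURE). Not GnuPG's own code. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/auxv.h>

/* Returns 1 if the kernel flagged this exec as "secure" (setuid, setgid or
 * file capabilities). That flag is what makes ld.so restrict LD_PRELOAD. */
int running_in_secure_mode(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Returns 1 if LD_PRELOAD is still visible in the environment. Under glibc a
 * setuid binary normally sees it unset, because ld.so removes it in secure
 * mode after applying its restricted handling. */
int ld_preload_present(void)
{
    const char *p = getenv("LD_PRELOAD");
    return p != NULL && p[0] != '\0';
}

/* Permanently drop to the real uid/gid. Returns 0 on success, -1 on failure.
 * The group is dropped first: once the uid is no longer 0 the process may no
 * longer be permitted to change its gid. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (geteuid() == ruid && getegid() == rgid)
        return 0; /* nothing elevated to drop */

    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* Verify the drop took effect. For a process that was root, setuid()
     * also cleared the saved set-user-ID, so regaining root must now fail. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (ruid != 0 && setuid(0) == 0)
        return -1; /* privileges were not really dropped */
    return 0;
}

int main(void)
{
    if (drop_privileges() != 0) {
        fprintf(stderr, "failed to drop privileges\n");
        return 1;
    }
    printf("secure-execution mode: %s\n",
           running_in_secure_mode() ? "yes" : "no");
    printf("LD_PRELOAD in environment: %s\n",
           ld_preload_present() ? "yes" : "no");
    printf("running as uid %u (euid %u)\n",
           (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

Run it once as a plain binary and once after `chown root` plus `chmod u+s` (in a throwaway environment) with LD_PRELOAD pointing at any library: the first run reports secure mode "no" and the variable present, the setuid run reports secure mode "yes", the variable gone, and an effective uid equal to the invoking user's after the drop.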