lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20020915155811.D813@hamsec.aurora.sfo.interquest.net>
From: silvio at big.net.au (silvio@....net.au)
Subject: sandboxing

ok.. so like.. this is old hat, but it's never been talked about alot I spose..
i have mentioned it a few times before.. but oh well

LD_PRELOAD is a poor mans sandbox when you think about it in terms
of analysing a binary.

because.. a binary that runs knows about all the shared libraries involved.
look at the link map list.. you can just count them, and if you have too
many.. something is whack.

if your forensics guy is smart, he wont use an env variable for LD_PRELOAD,
but more like /etc/ld.so.preload - but doesnt matter since everything
is available anyway.

**

ok.. quick comment.. who the hell uses libpcap in multithreaded code?
i think they may have by now (or never) made it MT safe..

--
Silvio

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ