| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080805110221.57e4b46c@infradead.org> Date: Tue, 5 Aug 2008 11:02:21 -0700 From: Arjan van de Ven <arjan@...radead.org> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Eric Paris <eparis@...hat.com>, "Press, Jonathan" <Jonathan.Press@...com>, Greg KH <greg@...ah.com>, linux-kernel@...r.kernel.org, malware-list@...ts.printk.net, linux-security-module@...r.kernel.org Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon access scanning On Tue, 5 Aug 2008 18:29:44 +0100 Alan Cox <alan@...rguk.ukuu.org.uk> wrote: > > And this can be done from userland with the preload: the > > "workaround" from the preload assumes you've already executed > > malicious code, which is outside of your protection scope. > > > > What am I missing? > > Scripts get either opened or exec'd... (ignoring stdin-fed scripts right now.. but that's a problem regardless) > Attempts to screen content can you explain? > Exec occuring after ld.so is compromised this is post-compromise scenario; if you have enough root rights to do that then it's game over. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists