All 1 entries tagged Preload

No other Warwick Blogs use the tag Preload on entries | View entries tagged Preload at Technorati | There are no images tagged Preload on this blog

June 09, 2007

Pro C is Pro

There was a discussion of how to lock down the compsoc gaming account, such that programs such as firefox couldn’t simply execute arbitrary files which they have downloaded. A suggestion brought to the table by Bucko & Fred was to simply use LD_PRELOAD to stop the necessary syscall being made. So after failing at tower defense and hero defense until gone 4am, I felt like trying something which firstly seemed to suit my skillset better and also achieve something more productive. The whole thing worked within about 20 minutes, which I attribute to google and C being quite good for this kind of thing. Here’s some code:

#include <stdio.h>

int execve(const char *filename, char *const argv [],char *const envp[]) {
printf(“in your syscalls, stopping your execs\n”);
return -1;
}

If you want to compile this, try pasting into ‘noexec.c’ and then running …

gcc -fPIC -shared -o noexec.so noexec.c

... now, compare the output between …

bash -c ‘exec ls -l’

... and …

LD_PRELOAD=./noexec.so bash -c ‘exec ls -l’

Realising how easy that was, brings many possibilities to the table, and I’m sure someone else has done them before, but its open my eyes somewhat.

a. dtrace implemented in userspace
b. implementing a security manager, similar to the one java has, but for arbitrary executables
c. hilarious comedy
d. FUSE in userspace (Bucko suggested this and he’s bloody right – does FUSE need to be a kernel module?)


May 2022

Mo Tu We Th Fr Sa Su
Apr |  Today  |
                  1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31               

Search this blog

Tags

Galleries

Most recent comments

  • Apart from the plea "can I have your old one?" (the yearning never diminishes) I'd like to leave you… by Sue on this entry
  • Unfortunately I still haven't seen a film for which you have to read up on quantum mechanics as I mi… by Sue on this entry
  • I've never been to watch a film before when it's been recommended that you first read up on quantum … by Sue on this entry
  • Well this is very interesting, i really liked reading this blog, this was very informative and very … by Mio Navman Spirit S300 on this entry
  • I thought it was fascinating. Griffin isn't like any other, media–trained, polished politician, and … by Tim on this entry

Blog archive

Loading…
RSS2.0 Atom

Hello

Not signed in
Sign in

Powered by BlogBuilder
© MMXXII