June 09, 2007
Pro C is Pro
There was a discussion of how to lock down the compsoc gaming account, such that programs such as Firefox couldn't simply execute arbitrary files which they have downloaded. A suggestion brought to the table by Bucko & Fred was to simply use LD_PRELOAD to stop the necessary syscall being made. So after failing at tower defense and hero defense until gone 4am, I felt like trying something which firstly seemed to suit my skillset better and would also achieve something more productive. The whole thing worked within about 20 minutes, which I attribute to Google and C being quite good for this kind of thing. Here's some code:
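#include <errno.h>
#include <stdio.h>

/* Replaces libc's execve() wrapper when this library is loaded via LD_PRELOAD. */
int execve(const char *filename, char *const argv[], char *const envp[]) {
    printf("in your syscalls, stopping your execs\n");
    errno = EACCES; /* give the caller a meaningful error to report */
    return -1;
}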
If you want to compile this, try pasting into 'noexec.c' and then running …
gcc -fPIC -shared -o noexec.so noexec.c
... now, compare the output between …
bash -c 'exec ls -l'
... and …
LD_PRELOAD=./noexec.so bash -c 'exec ls -l'
Realising how easy that was brings many possibilities to the table, and I'm sure someone else has done them before, but it's opened my eyes somewhat.
a. dtrace implemented in userspace
b. implementing a security manager, similar to the one Java has, but for arbitrary executables
c. hilarious comedy
d. FUSE in userspace (Bucko suggested this and he’s bloody right – does FUSE need to be a kernel module?)
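As a step from the blanket execve block above towards the security manager in (b), here is an added example (not code from the original post) that allows exec only for programs whose resolved path sits under system directories, which fits the "don't run downloaded files" goal. The `trusted` prefix list, the `exec_allowed` helper and the `execv` wrapper are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for syscall() and realpath() */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

extern char **environ;

/* Assumed policy: only programs installed under these prefixes may run. */
static const char *const trusted[] = { "/usr/", "/bin/", "/sbin/", "/lib/" };

/* Returns 1 if the symlink-resolved path lies under a trusted prefix. */
int exec_allowed(const char *path) {
    char real[PATH_MAX];
    if (path == NULL || realpath(path, real) == NULL)
        return 0;                      /* unresolvable: fail closed */
    for (size_t i = 0; i < sizeof trusted / sizeof trusted[0]; i++)
        if (strncmp(real, trusted[i], strlen(trusted[i])) == 0)
            return 1;
    return 0;
}

/* Interposed wrapper: apply the policy, then enter the kernel directly
 * so the call does not recurse back into this function. */
int execve(const char *path, char *const argv[], char *const envp[]) {
    if (!exec_allowed(path)) {
        fprintf(stderr, "noexec: blocked exec of %s\n", path);
        errno = EACCES;
        return -1;
    }
    return (int)syscall(SYS_execve, path, argv, envp);
}

/* execv() is a separate libc entry point; route it through the same check. */
int execv(const char *path, char *const argv[]) {
    return execve(path, argv, environ);
}
```

It builds with the same gcc command as noexec.c. The shim only sees calls that go through the dynamically linked libc, and each further entry point (execvp, posix_spawn and so on) needs its own wrapper, so treat it as one layer alongside filesystem-level controls such as a noexec mount for the download directory.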