Re: Injectso to help with libc upgrades?

To: debian-security@lists.debian.org
Cc: Drew Scott Daniels <umdanie8@cc.umanitoba.ca>
Subject: Re: Injectso to help with libc upgrades?
From: Andrew Pimlott <andrew@pimlott.net>
Date: Thu, 1 May 2003 06:56:49 -0400
Message-id: <20030501105649.GS30778@pimlott.net>
Mail-followup-to: debian-security@lists.debian.org, Drew Scott Daniels <umdanie8@cc.umanitoba.ca>
In-reply-to: <Pine.GSO.4.40.0304301202340.23184-100000@deneb.cc.umanitoba.ca>
References: <Pine.GSO.4.40.0304301202340.23184-100000@deneb.cc.umanitoba.ca>

On Wed, Apr 30, 2003 at 12:07:33PM -0500, Drew Scott Daniels wrote:
> http://packetstorm.linuxsecurity.com/filedesc/injectso-0.2.1.tar.html
> describes injectso, "a tool that can be used to inject shared libraries
> into running processes on Linux (x86/IA32 and Sparc)...".
> 
> Maybe I misunderstand, but might it not be also possible to use this to
> inject replacements for shared libraries too?

Not reliably.  Even if you can replace the code in the process's
memory space, what if some data structures have changed and the
program already has some objects allocated?  There are doubtless
other issues as well (what if the old code is still in a cache?).

I'm sure you could concoct something that works "almost all" the
time, given some restrictions, like no changes to data structures.
But I almost guarantee that the security team will say 1) we don't
have time to verify the restrictions, and 2) "almost all" isn't good
enough.

Andrew

PS.  Your Mail-Followup-To: header should include the list address.

Reply to:

Prev by Date: Re: Injectso to help with libc upgrades?
Next by Date: Re: Injectso to help with libc upgrades?
Previous by thread: Re: Injectso to help with libc upgrades?
Next by thread: mgetty vulnerable?
Index(es):
- Date
- Thread