[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] New version of ghostscript released

On Fri, Nov 24, 2000 at 08:31:26AM +0100, Tollef Fog Heen wrote:
> * Peter Cordes 
> |  There seems to be a lot of this going on.  Is it possible to modify glibc
> | so that it flags dangerous actions with stuff in /tmp?
> You don't even have to modify glibc.  You can have a small library
> which you preload, and which puts itself in place of the functions you
> want to wrap.
> or you could ptrace the process

Not a complete solution though - it's fiddly to make it work with setuid 
apps I imagine. OTOH it is very convenient for doing comprehensive 
logging, which I admit my solution (kernel patch) is not. I'd be 
interested to see a working version of this if someone has done it.

Colin Phipps                            http://www.netcraft.com/

Reply to: