Re: [SECURITY] New version of ghostscript released

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] New version of ghostscript released
From: Colin Phipps <cph@netcraft.com>
Date: Fri, 24 Nov 2000 12:46:11 +0000
Message-id: <[🔎] 20001124124611.A23520@ns0.netcraft.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 87d7fl6d2p.fsf@manon.intern.opera.no>; from tollef@add.no on Fri, Nov 24, 2000 at 08:31:26AM +0100
References: <200011230133.eAN1Xnc17387@fog.mors.wiggy.net> <[🔎] 20001123185117.A9696@llama.nslug.ns.ca> <[🔎] 87d7fl6d2p.fsf@manon.intern.opera.no>

On Fri, Nov 24, 2000 at 08:31:26AM +0100, Tollef Fog Heen wrote:
> * Peter Cordes 
> 
> |  There seems to be a lot of this going on.  Is it possible to modify glibc
> | so that it flags dangerous actions with stuff in /tmp?
> 
> You don't even have to modify glibc.  You can have a small library
> which you preload, and which puts itself in place of the functions you
> want to wrap.
[snip]
> or you could ptrace the process

Not a complete solution though - it's fiddly to make it work with setuid 
apps I imagine. OTOH it is very convenient for doing comprehensive 
logging, which I admit my solution (kernel patch) is not. I'd be 
interested to see a working version of this if someone has done it.

-- 
Colin Phipps                            http://www.netcraft.com/

Reply to:

Follow-Ups:
- Re: [SECURITY] New version of ghostscript released
  - From: Tollef Fog Heen <tollef@add.no>

References:
- Re: [SECURITY] New version of ghostscript released
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: [SECURITY] New version of ghostscript released
  - From: Tollef Fog Heen <tollef@add.no>

Prev by Date: Re: Temp file attack auditing
Next by Date: Re: [SECURITY] New version of ghostscript released
Previous by thread: Re: [SECURITY] New version of ghostscript released
Next by thread: Re: [SECURITY] New version of ghostscript released
Index(es):
- Date
- Thread