Re: [SECURITY] New version of ghostscript released
On Fri, Nov 24, 2000 at 08:31:26AM +0100, Tollef Fog Heen wrote:
> * Peter Cordes
>
> | There seems to be a lot of this going on. Is it possible to modify glibc
> | so that it flags dangerous actions with stuff in /tmp?
>
> You don't even have to modify glibc. You can have a small library
> which you preload, and which puts itself in place of the functions you
> want to wrap.
[snip]
> or you could ptrace the process
Not a complete solution though - it's fiddly to make it work with setuid
apps I imagine. OTOH it is very convenient for doing comprehensive
logging, which I admit my solution (kernel patch) is not. I'd be
interested to see a working version of this if someone has done it.
--
Colin Phipps http://www.netcraft.com/
Reply to: