
Re: [SECURITY] New version of ghostscript released



* Colin Phipps 

| Not a complete solution though - it's fiddly to make it work with setuid 
| apps I imagine.

Make it syslog, and put it in /etc/ld.so.preload, which I believe
should work with SUID libraries as well.

| OTOH it is very convenient for doing comprehensive logging, which I
| admit my solution (kernel patch) is not. I'd be interested to see a
| working version of this if someone has done it.

I don't like hacking around in the kernel, I'm not that good a
programmer.  ;)  The only one which you screw up for in user space is
yourself.  Unless you run stuff as root, naturally.

#include <dlfcn.h>

typedef long int __time_t;
typedef __time_t time_t;

/* Replacement for time(2). dlopen/dlsym results are not checked. */
time_t time(time_t *t) {
  time_t b;
  /* Look up the real time() and printf() in the C library. */
  void* f = dlopen("/lib/libc-2.1.3.so",RTLD_LAZY);
  time_t (*time_g)(time_t *a) = dlsym(f,"time");
  int (*printf_g)(const char *format, ...) = dlsym(f, "printf");
  if (t != 0) {
    (*printf_g)("Calling time\n");
    b = (*time_g)(t);
    *t += 86400;  /* move the stored time one day ahead */
    (*printf_g)("Time is %ld\n", *t);
    (*printf_g)("Called time\n");
  } else {
    b = (time_t)1000000;
  }
  dlclose(f);  /* release the handle before returning */
  return b;
}

Just a hack.  And if you use it, make it check its return values!
Right now, it changes the return value as well - so time(2) returns
for tomorrow.

compile with 

gcc -fpic -shared fake-time.c -o fake-time.so -ldl

run with 

LD_PRELOAD=./fake-time.so date

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
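
An added example, not part of the original post: the same time() wrapper written to log through syslog(3) and to check its lookup result, the two changes the message asks for. It swaps the dlopen() of a fixed libc path for dlsym(RTLD_NEXT, ...); the file name, the helper names resolve_real_time and preload_time_calls, and the LOG_USER facility are assumptions.

```c
/* preload-time-log.c (added example; file and helper names are hypothetical).
 * Build: gcc -fpic -shared preload-time-log.c -o preload-time-log.so -ldl */
#define _GNU_SOURCE               /* for RTLD_NEXT */
#include <dlfcn.h>
#include <stddef.h>
#include <syslog.h>
#include <time.h>

#ifndef RTLD_NEXT                 /* glibc's value, if _GNU_SOURCE came too late */
#define RTLD_NEXT ((void *) -1L)
#endif

static time_t (*real_time)(time_t *);   /* next time() in lookup order */
static unsigned long calls;             /* logged calls; not thread-exact */

/* Find the real time() once. Returns 0 on success, -1 if the lookup failed
 * or resolved back to this wrapper (which would recurse forever). */
static int resolve_real_time(void) {
  if (real_time == NULL) {
    void *sym = dlsym(RTLD_NEXT, "time");
    if (sym == NULL || sym == (void *)time)
      return -1;
    *(void **)&real_time = sym;
  }
  return 0;
}

/* Number of calls logged so far (hypothetical helper for inspection). */
unsigned long preload_time_calls(void) { return calls; }

/* Interposed time(2): logs the call, leaves the result untouched. */
time_t time(time_t *t) {
  static __thread int busy;       /* guard in case syslog() calls time() */
  time_t now;

  if (resolve_real_time() != 0) {
    if (t != NULL) *t = (time_t)-1;
    return (time_t)-1;            /* failure value documented for time(2) */
  }
  now = real_time(t);
  if (!busy) {
    busy = 1;
    calls++;
    syslog(LOG_USER | LOG_INFO, "time() called, result %ld", (long)now);
    busy = 0;
  }
  return now;
}
```

A library listed in /etc/ld.so.preload is loaded into every dynamically linked process, setuid ones included, so a failed lookup here returns an error to the caller instead of calling through a null pointer.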


