[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: modifing libc to discover gets()/sprintf() calls
From:       Julian Assange <proff () SUBURBIA ! NET>
Date:       1997-01-30 20:03:52
[Download RAW message or body]

> My point to all this babble is, if (actually can) I dumped out the
> libc.a file, replaced the gets.o and the sprintf.o (assuming those
> are the correct files to modify) with some code from something
> like FreeBSD or Linux (again, assuming that it was compatible *gasp*)
> and added in a printf statement (or even better, a call to syslog())
> to say "Hey, gets() is being used in this program", then I could determine
> over time which programs are using insecure library calls. From there
> it could be established which programs are either suid root or running
> with root privs (like from inetd) and could be dealt with from there.
>
> I'm no library hacker, so is this even a doable task??
>
> --
> Chris Sheldon
> csh@viewgraphics.com
> Unix Sysadmin / Net Admin
>

No need for all this. Just create your own debugging versions of the
functions you want and LD_PRELOAD them in.

Cheers,
Julian <proff@iq.org>

[prev in list] [next in list] [prev in thread] [next in thread]