Re: [PATCH] Enhanced Trusted Path Execution (TPE) Linux Security Module

From: Felipe Alfaro Solana (lkml@private)
Date: Thu Jan 06 2005 - 10:00:56 PST


On 6 Jan 2005, at 15:50, Lorenzo Hernández García-Hierro wrote:

>> The two biggest issues are 1) it's trivial to bypass:
>> $ /lib/ld.so /untrusted/path/to/program
>> and 2) that there's no (visible/vocal) user base calling for the feature.
>
> About the point 1), yesterday I wrote just a simple regression test
> (that can be found at the same place as the patch) and of course it
> bypasses, this is an old commented problem, Stephen suggested the use of
> the mmap and mprotect hooks, so, I will have a look at them but I'm not
> sure on how to (really) prevent the dirty, old trick.
> About 2), just give it a chance, maybe it's useful and my work is not
> completely nonsense.

Well, I'm not a visible/vocal user base, but I do really like this TPE 
LSM module.


