Talk about a coincidence... I've been working on pretty much the same thing as discussed in this paper; however, my focus has been on forcing a running process to load a shared object/library. The loaded library can then shield the process from known security vulnerabilities (or indeed subvert the process) without it needing to be restarted.

I'll be presenting and demonstrating the tool resulting from this research (injectso) along with some other simple Unix process modification techniques (nothing new) at the BlackHat Briefings in Amsterdam on the 21st of November.

Cheers,
Shaun

This archive was generated by hypermail 2b30 : Thu Nov 08 2001 - 19:10:32 PST