Re: modifing libc to discover gets()/sprintf() calls

[proff () SUBURBIA NET (Julian Assange)]

> My point to all this babble is, if (actually can) I dumped out the
> libc.a file, replaced the gets.o and the sprintf.o (assuming those
> are the correct files to modify) with some code from something
> like FreeBSD or Linux (again, assuming that it was compatible *gasp*)
> and added in a printf statement (or even better, a call to syslog())
> to say "Hey, gets() is being used in this program", then I could determine
> over time which programs are using insecure library calls. From there
> it could be established which programs are either suid root or running
> with root privs (like from inetd) and could be dealt with from there.
>
> I'm no library hacker, so is this even a doable task??
>
> --
> Chris Sheldon
> csh () viewgraphics com
> Unix Sysadmin / Net Admin

No need for all this. Just create your own debugging versions of the
functions you want and LD_PRELOAD them in.

Cheers,
Julian <proff () iq org>