Bugtraq mailing list archives
Re: modifing libc to discover gets()/sprintf() calls
From: proff () SUBURBIA NET (Julian Assange)
Date: Thu, 30 Jan 1997 20:03:52 +1100
My point to all this babble is, if (actually can) I dumped out the libc.a file, replaced the gets.o and the sprintf.o (assuming those are the correct files to modify) with some code from something like FreeBSD or Linux (again, assuming that it was compatible *gasp*) and added in a printf statement (or even better, a call to syslog()) to say "Hey, gets() is being used in this program", then I could determine over time which programs are using insecure library calls. From there it could be established which programs are either suid root or running with root privs (like from inetd) and could be dealt with from there. I'm no library hacker, so is this even a doable task?? -- Chris Sheldon csh () viewgraphics com Unix Sysadmin / Net Admin
No need for all this. Just create your own debugging versions of the functions you want and LD_PRELOAD them in. Cheers, Julian <proff () iq org>
Current thread:
- modifing libc to discover gets()/sprintf() calls Chris Sheldon (Jan 29)
- Re: modifing libc to discover gets()/sprintf() calls Julian Assange (Jan 30)
- Re: modifing libc to discover gets()/sprintf() calls Alan Cox (Jan 30)