https://labs.portcullis.co.uk/blog/fixing-the-links-hardening-the-linker/

ForensicITGuy / libpreloadvaccine

Whitelisting LD_PRELOAD libraries using LD_AUDIT

MIT License

61 stars 7 forks source link

https://labs.portcullis.co.uk/blog/fixing-the-links-hardening-the-linker/ #1

Open timb-machine opened 5 years ago

timb-machine commented 5 years ago

Might be worth considering if we can merge these two concepts? I'm the author of the paper and patches referenced in that blog post...

PS I'm aware that the SSL is broken on the link to the patch itself at the moment, too many ideas and too little time.

ForensicITGuy commented 5 years ago

Hey @timb-machine, absolutely! I'm in favor of anything that implements this whitelisting approach closer to the dynamic linker code. Right now this tools is extremely easy to bypass, and the only way to really make it more resilient is to incorporate checks into the linker itself.