encrypted executables
Oliver Fromme
olli at lurza.secnetix.de
Thu Feb 21 17:11:50 UTC 2008
Dag-Erling Smørgrav wrote:
> ari edelkind <edelkind-freebsd-hackers at episec.com> writes:
> > Keep in mind that ptrace(PT_ATTACH,...) will fail if a process is
> > already being traced. As for core files, a process can use
> > setrlimit(RLIMIT_CORE,...) to disable core dumps, and individual memory
> > pages may be encrypted or unloaded, to be decrypted or loaded on
> > demand.
>
> The person running the application can trivially replace ktrace(),
> ptrace() and setrlimit() with non-functional stubs using LD_PRELOAD.
Right. And for a static binary (which doesn't respect
LD_PRELOAD), it's fairly trivial to patch the syscalls
so they're a no-op when called from the binary.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
In my experience the term "transparent proxy" is an oxymoron (like jumbo
shrimp). "Transparent" proxies seem to vary from the distortions of a
funhouse mirror to barely translucent. I really, really dislike them
when trying to figure out the corrective lenses needed with each of them.
-- R. Kevin Oberman, Network Engineer
More information about the freebsd-hackers
mailing list