From: cdkrot@yandex.ru (Sayutin Dmitry)
To: kernelnewbies@lists.kernelnewbies.org
Subject: Inject custom code or data into running process
Date: Tue, 03 Jan 2017 22:49:05 +0300
Message-ID: <1263541483472945@web40m.yandex.ru>
In-Reply-To: <114118.1483472426@turing-police.cc.vt.edu>

Yes, I understand the points you provide.
> but a royal pain to sandbox malicious code
My idea is to get some assistance from the kernel on it (possibly with a source patch or kernel module),
but I would like to implement a POC [proof-of-concept] myself, before showing it to the community.
Let me return to the original question (injection of code/data).
LD_PRELOAD is quite a brilliant way, but will not work on statically-linked code.
However, it may be enough for a POC.
03.01.2017, 22:40, "valdis.kletnieks at vt.edu" <valdis.kletnieks@vt.edu>:
> On Tue, 03 Jan 2017 22:24:11 +0300, Sayutin Dmitry said:
>
>> (If you want to know motivation for this -- I want to implement some new idea on sandboxing).
>
> There's pretty much nothing you can do inside the process to do sandboxing
> against code that doesn't want to be sandboxed. In other words, it's
> easy to sandbox possibly buggy code, but a royal pain to sandbox malicious
> code.
>
> Hint: You can lead a horse to code, but you can't force it to call it.
>
> For instance, using LD_PRELOAD is a good way to front-end calls to glibc
> code - but it doesn't do squat against malware that issues its own syscalls
> inline to avoid your front end.
Sayutin Dmitry <cdkrot@yandex.com>