On Fri, May 05, 2017 at 10:48:30PM +0000, Christian Weisgerber wrote:
> On 2017-05-05, "Peter J. Philipp" <[email protected]> wrote:
>
> > This is my second official contribution to what I call ELFSEC, it places a
> > signature in binaries, in the ELF header to be exact.
> -snip-
>
> How does this defend against binary code introduced as a shared
> library by way of LD_LIBRARY_PATH or LD_PRELOAD?
>
> --
> Christian "naddy" Weisgerber [email protected]

Hi,

It doesn't check shared libraries, afaik. If it did that then my test
environment wouldn't work. So this is a gaping hole. I'll need some time
to see where in the kernel shared libraries have their ELF header checked.
Maybe the fix is trivial...

Regards,
-peter
