Proof of Concept: Overloading file operations with LD_PRELOAD

with 2 comments

Viaduct and sky 2, Scottish borders, 2010 - Viaduct and sky close to Melrose

In a discussion on Full Disclosure I added a reply which I would like to expand on here:

What I did for a project I was working on was I created an LD_PRELOAD library which overloaded the I/O operations and used gz and bz2. This could easily be adapted to overload with encryption library functions rather than compression libraries. You can also use this to keep the bash history in memory using a shared memory location.

What I did, which inspired the message above, was to replace a number of functions – including read, write and lseek – with custom functions. The underlying custom code fingerprinted the file – using the magic file – to discover which compression mechanism an existing file used; when creating a new file it chose the compression according to the value set in an environment variable. The file was never extracted to disk and was only held in memory, as these were mostly streamed to and from disk compressed, which means that with a little tweaking these could include a stream cipher, provided the key is long enough to avoid stream cipher attacks.

For completeness I’ll add here that the code supported the formats listed below, as well as a number of other historic formats that I don’t recall:

  • gzip
  • bzip2
  • pkzip (deflate)
  • compress
  • lz
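
As an added example (not the post's code, which is not published here), the sketch below is a minimal C shim that interposes read(2) via RTLD_NEXT and does the fingerprinting step inline against the magic numbers of the formats listed above, instead of calling out to the magic file; the enum, helper names and the pipe-based self-test are my own assumptions, and a real shim would go on to decompress the data.

```c
#define _GNU_SOURCE                 /* RTLD_NEXT is a GNU extension */
#include <dlfcn.h>
#include <string.h>
#include <unistd.h>
#ifndef RTLD_NEXT                   /* fallback if features.h was seen first */
#define RTLD_NEXT ((void *) -1l)
#endif
#define MAXFD 1024
/* FMT_UNPROBED means no read() has been seen on that descriptor yet. */
enum fmt { FMT_UNPROBED, FMT_UNKNOWN, FMT_GZIP, FMT_BZIP2, FMT_PKZIP, FMT_COMPRESS };
/* The post's "magic file" step done inline: match the leading bytes against the
 * magic numbers of the listed formats (values from the public format specs). */
enum fmt sniff_format(const unsigned char *b, size_t n)
{
    if (n >= 2 && b[0] == 0x1f && b[1] == 0x8b)    return FMT_GZIP;
    if (n >= 2 && b[0] == 0x1f && b[1] == 0x9d)    return FMT_COMPRESS;
    if (n >= 3 && memcmp(b, "BZh", 3) == 0)        return FMT_BZIP2;
    if (n >= 4 && memcmp(b, "PK\x03\x04", 4) == 0) return FMT_PKZIP;
    return FMT_UNKNOWN;
}
/* Per-descriptor record of what the first successful read() looked like. */
static enum fmt seen[MAXFD];
enum fmt format_of_fd(int fd) { return (fd >= 0 && fd < MAXFD) ? seen[fd] : FMT_UNPROBED; }
/* Interposed read(2): call the real libc read found via RTLD_NEXT, then
 * fingerprint the first chunk. A full shim would decompress the data here. */
ssize_t read(int fd, void *buf, size_t count)
{
    static ssize_t (*real_read)(int, void *, size_t);
    if (!real_read)
        real_read = (ssize_t (*)(int, void *, size_t)) dlsym(RTLD_NEXT, "read");
    ssize_t got = real_read(fd, buf, count);
    if (got > 0 && fd >= 0 && fd < MAXFD && seen[fd] == FMT_UNPROBED)
        seen[fd] = sniff_format(buf, (size_t)got);
    return got;
}
/* Self-test helper: push constructed bytes through a pipe so they go through the
 * interposed read() above, then report what the shim recorded for that fd. */
enum fmt sniff_via_pipe(const unsigned char *data, size_t n)
{
    int p[2];
    unsigned char buf[64];
    if (pipe(p) != 0 || write(p[1], data, n) != (ssize_t)n) return FMT_UNKNOWN;
    close(p[1]);
    seen[p[0]] = FMT_UNPROBED;                 /* fd numbers are reused */
    while (read(p[0], buf, sizeof buf) > 0) ;  /* drain through the shim */
    enum fmt f = format_of_fd(p[0]);
    close(p[0]);
    return f;
}
```

Build it as a shared object with `cc -shared -fPIC -o shim.so shim.c` (add `-ldl` on glibc older than 2.34) and run a program under `LD_PRELOAD=./shim.so` to have its reads pass through the interposed function.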

Somebody else’s LD_PRELOAD examples can be found here: LD_PRELOAD fun

Image source: John Davey


Written by Daniël W. Crompton (webhat)

February 8, 2011 at 12:39 pm

2 Responses


  1. I’d like to get the code. Where can I get it?

    Ikem

    January 28, 2015 at 6:48 am
