General Musing

blaze your trail

Posts Tagged ‘gcc’

6 Months of Security Links #2011


I’m a regular curator of daily links, and like to give overviews of my collection of curated links and posts. This is partly because there are some good sources and articles in here, and partly because I am working on a research project which I started based on a number of books I read.

I’m sure you’ll find something interesting in the items below – there are some gems in the list – and I dare to hazard the guess you might learn something you wanted to know. :)


Written by Daniël W. Crompton (webhat)

July 15, 2011 at 4:10 pm

Posted in tagging


Proof of Concept: Overloading file operations with LD_PRELOAD


Viaduct and sky 2, Scottish borders, 2010 - Viaduct and sky close to Melrose

In a discussion on Full Disclosure I added a reply which I would like to expand on here:

What I did for a project I was working on was create an LD_PRELOAD library which overloaded the I/O operations and used gz and bz2. This could easily be adapted to overload with encryption library functions rather than compression libraries. You can also use this to keep the bash history in memory using a shared memory location.

What I did, which inspired the message above, was to replace a number of functions – including read, write and lseek – with custom functions. What the underlying custom code did was fingerprint the file – using the magic file – to discover which compression mechanism was being used for an existing file, and when creating a new file it would use the compression based on the value set in an environment variable. The file was never extracted to disk and was only held in memory, as these were mostly streamed to and from disk compressed, which means that with a little tweaking these could include a stream cipher, provided the key is long enough to avoid stream cipher attacks.

For completeness I’ll add here that the code supported the formats listed below, and a number of other historic formats and others that I don’t recall:

  • gzip
  • bzip2
  • pkzip (deflate)
  • compress
  • lz

Somebody else’s LD_PRELOAD examples can be found here: LD_PRELOAD fun
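To make the mechanism concrete, here is an added example, not the code from the project described above: a shim that interposes read() and fingerprints the file by its leading magic bytes. The names sniff, shim_format and selftest are hypothetical, the data is passed through unchanged rather than decompressed, and "lz" is left out because the post does not say which format that was.

```c
#define _GNU_SOURCE                    /* for syscall() and mkstemp() */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

enum fmt { FMT_UNKNOWN, FMT_GZIP, FMT_BZIP2, FMT_PKZIP, FMT_COMPRESS };
static enum fmt fd_fmt[1024];          /* format seen at offset 0, per fd */

/* Leading magic numbers, as found in file(1)'s magic database. */
enum fmt sniff(const unsigned char *b, size_t n)
{
    if (n >= 2 && b[0] == 0x1f && b[1] == 0x8b)    return FMT_GZIP;
    if (n >= 2 && b[0] == 0x1f && b[1] == 0x9d)    return FMT_COMPRESS;
    if (n >= 3 && memcmp(b, "BZh", 3) == 0)        return FMT_BZIP2;
    if (n >= 4 && memcmp(b, "PK\003\004", 4) == 0) return FMT_PKZIP;
    return FMT_UNKNOWN;
}

/* Same name and signature as libc's read(): when this object is listed in
 * LD_PRELOAD, the dynamic linker binds the program's read() calls here. */
ssize_t read(int fd, void *buf, size_t count)
{
    int saved = errno;                 /* a transparent shim must not disturb errno */
    int at_start = lseek(fd, 0, SEEK_CUR) == 0;   /* header is only at offset 0 */
    errno = saved;
    /* Forward with the raw syscall so we do not call ourselves; shims more
     * commonly look up libc's function with dlsym(RTLD_NEXT, "read"). */
    ssize_t n = syscall(SYS_read, fd, buf, count);
    if (at_start && fd < 1024)         /* a short first read may miss the magic */
        fd_fmt[fd] = n > 0 ? sniff(buf, (size_t)n) : FMT_UNKNOWN;
    return n;
}

enum fmt shim_format(int fd) { return fd >= 0 && fd < 1024 ? fd_fmt[fd] : FMT_UNKNOWN; }

/* Constructed input: write bytes to a temp file, read them back via the shim. */
enum fmt selftest(const void *data, size_t len)
{
    char path[] = "/tmp/shimXXXXXX", buf[16];
    int fd = mkstemp(path);
    if (fd < 0) return FMT_UNKNOWN;
    unlink(path);
    if (write(fd, data, len) != (ssize_t)len) { close(fd); return FMT_UNKNOWN; }
    lseek(fd, 0, SEEK_SET);
    ssize_t n = read(fd, buf, sizeof buf);
    enum fmt f = n > 0 ? shim_format(fd) : FMT_UNKNOWN;
    close(fd);
    return f;
}
```

Built with `cc -shared -fPIC -o shim.so shim.c`, it is loaded into a program by setting `LD_PRELOAD=./shim.so` in that program's environment.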

Image source: John Davey

Written by Daniël W. Crompton (webhat)

February 8, 2011 at 12:39 pm
