Re: a utility for preventing exec() calls
Brought to you by:
xystrus
Menu
▾
▴
Re: a utility for preventing exec() calls
|
From: Russ A. <ea...@ey...> - 2019-02-07 19:19:37
|
Nick Cleaton <ni...@cl...> writes: > I made this, it might be interesting to anyone looking to implement > something like rssh, or to un-retire rssh itself: it allows you to > execute a program but trap any calls to libc exec* syscall wrappers that > the program might make: > https://github.com/ncleaton/libcallfilt > It provides a second line of defense if you've tried to block all of the > options that could exec arbitrary things but you may have missed > something. Thank you -- that's an interesting option! BTW, you probably want to add posix_spawn, posix_spawnp, and execveat. (Although a nice property of this approach is that it doesn't rely on finding every possible system call, only covering the ones that the legitimate program you're trying to spawn might use.) -- Russ Allbery (ea...@ey...) <http://www.eyrie.org/~eagle/> |
