Posted Nov 26, 2004 5:52 UTC (Fri) by bluefoxicy
In reply to: Civilizing SELinux
Parent article: Civilizing SELinux
If I can LD_DEBUG=all and run a program, I can find the libraries it uses and find the symbols at offsets, and calculate that. You are indeed correct about this.
I also read that LAZY binding allows you to block STDOUT at critical points and exploit race conditions on infinite windows instead of millisecond-wide windows.
I for one am glad that Gentoo has a dedicated security team that either creates or abducts any patches that fix ANY security concern, rather than wander around and go "huh that might not really be a problem maybe we shouldn't change it . . . ."
bluefox@icebox ~/data/programming/woct $ LD_DEBUG=all su
You said something about posting to BugTraq about some of these vulns. Has nobody done this? It may not be the best way to get in bed with them, but if there's a security issue that *needs* *to* *be* *fixed*, it may just be time to hit them in the face with the frying pan of reality. Then again, I don't know; I'm too busy playing FF8 to think about this right now.