
List:       bugtraq
Subject:    Re: modifing libc to discover gets()/sprintf() calls
From:       Alan Cox <alan () LXORGUK ! UKUU ! ORG ! UK>
Date:       1997-01-30 21:28:55

> The only big problem I see is that any difference between the libc.a and
> the running libc.so shared library would become painfully obvious
> after creating and installing the new shared library with the
> printf modifications.

Well one other approach would be to use some kind of ELF extension to
mark a symbol of type 'text, insecure'. Then the linker would link the binary
and report

fooprog: symbol _gets is insecure
fooprog: symbol _sprintf is insecure

Alan
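
A post-link approximation of the check proposed above, added here as an example and not part of the original message: rather than an ELF extension honoured by the linker, it walks Elf64_Sym entries and reports imported symbols found on a deny-list, in the same report format. The INSECURE set, the function names and the sample tables are assumptions constructed for illustration; ELF names carry no leading underscore, so they are matched as-is.

```python
import struct

# Deny-list of symbol names; which names belong here is an assumption.
INSECURE = {"gets", "sprintf"}
SYM = struct.Struct("<IBBHQQ")  # Elf64_Sym: name, info, other, shndx, value, size
SHN_UNDEF = 0                   # section index of an undefined (imported) symbol

def sym_name(strtab, offset):
    """Return the NUL-terminated name stored at offset in the string table."""
    end = strtab.find(b"\x00", offset)
    if end < 0:
        end = len(strtab)       # unterminated table: take what is there
    return strtab[offset:end].decode("ascii", "replace")

def insecure_imports(symtab, strtab):
    """Names of imported symbols that appear in INSECURE, in table order."""
    found = []
    usable = len(symtab) - len(symtab) % SYM.size  # ignore a truncated tail
    for off in range(0, usable, SYM.size):
        st_name, _info, _other, st_shndx, _value, _size = SYM.unpack_from(symtab, off)
        if st_shndx != SHN_UNDEF or st_name >= len(strtab):
            continue            # defined in this object, or a corrupt name offset
        name = sym_name(strtab, st_name)
        if name in INSECURE and name not in found:
            found.append(name)
    return found

def report(prog, symtab, strtab):
    """Format findings the way the message above suggests the linker would."""
    return ["%s: symbol %s is insecure" % (prog, n)
            for n in insecure_imports(symtab, strtab)]

def build_sample():
    """Constructed tables: null entry, imported gets and puts, local sprintf."""
    strtab = b"\x00gets\x00puts\x00sprintf\x00"
    func = (1 << 4) | 2         # STB_GLOBAL binding, STT_FUNC type
    symtab = b"".join([
        SYM.pack(0, 0, 0, 0, 0, 0),              # mandatory null symbol
        SYM.pack(1, func, 0, SHN_UNDEF, 0, 0),   # gets, imported
        SYM.pack(6, func, 0, SHN_UNDEF, 0, 0),   # puts, imported
        SYM.pack(11, func, 0, 1, 0x1000, 32),    # sprintf, defined in section 1
    ])
    return symtab, strtab

if __name__ == "__main__":
    for line in report("fooprog", *build_sample()):
        print(line)
```

The locally defined sprintf is not reported because only undefined symbols resolve to the library's copy.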
