top | item 42212332

gorgonical | 1 year ago

The use of LD_PRELOAD as part of the attack surface makes me think that a statically-linked binary has some value. Not a maximalist approach like some experimental distros, but I think there's clearly some value in your standard userland utilities always performing "as you expect," which LD_PRELOAD subverts. Plenty of Linux installs around the world get on fine using BusyBox as the main (only?) userland utility package.
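One defensive check that follows from the point above, added here as an example and not code from the thread: LD_PRELOAD and /etc/ld.so.preload are honoured by ld.so, which only runs when an ELF image carries a PT_INTERP program header, so parsing program headers tells you which binaries on a host are subject to preload injection at all. The audit path list and the minimal ELF images used as fixtures are assumptions constructed for the example.

```python
import os
import struct

PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_PHDR = 1, 2, 3, 6

def elf_program_types(data: bytes) -> list:
    """p_type of every program header in an ELF image (32/64-bit, either endianness)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if data[5] == 1 else ">"
    if data[4] == 2:  # ELFCLASS64: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:             # ELFCLASS32: e_phoff at 0x1c, e_phentsize/e_phnum at 0x2a
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    return [struct.unpack_from(end + "I", data, phoff + i * phentsize)[0] for i in range(phnum)]

def is_preloadable(data: bytes) -> bool:
    """True when the image requests an ELF interpreter (PT_INTERP), i.e. ld.so will run and
    honour LD_PRELOAD. A static-pie has PT_DYNAMIC but no PT_INTERP and self-relocates,
    so checking PT_DYNAMIC alone would misreport it as preloadable."""
    return PT_INTERP in elf_program_types(data)

def audit(paths) -> dict:
    """Map each readable ELF path to whether a preload could be injected into it."""
    result = {}
    for p in paths:
        try:
            with open(p, "rb") as f:
                result[p] = is_preloadable(f.read())
        except (OSError, ValueError, struct.error):
            pass  # missing, unreadable, or not a well-formed ELF: skip it
    return result

def preload_hooks() -> dict:
    """The two injection points worth inspecting on a host: the env var and the system-wide file."""
    hooks = {"LD_PRELOAD": os.environ.get("LD_PRELOAD", ""), "/etc/ld.so.preload": ""}
    try:
        with open("/etc/ld.so.preload") as f:
            hooks["/etc/ld.so.preload"] = f.read().strip()
    except OSError:
        pass
    return hooks

def make_elf64(ptypes) -> bytes:
    """Constructed minimal ELF64 image with the given program-header types (fixture, not a real binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    return hdr + b"".join(struct.pack("<IIQQQQQQ", t, 5, 0, 0, 0, 0, 0, 0) for t in ptypes)

DYNAMIC_EXE = make_elf64([PT_PHDR, PT_INTERP, PT_LOAD, PT_DYNAMIC])  # shape of a typical dynamic /bin/ls
STATIC_PIE = make_elf64([PT_LOAD, PT_DYNAMIC])                      # static-pie: no interpreter
STATIC_EXE = make_elf64([PT_LOAD, PT_LOAD])                         # classic static binary (e.g. busybox)

if __name__ == "__main__":
    print(preload_hooks())
    print(audit(["/bin/sh", "/bin/busybox", "/usr/bin/ls"]))  # assumed paths; absent ones are skipped
```

Running it on a real host lists which of the named utilities would still run ld.so, which is exactly the set a preload can subvert; a kernel-level implant, as the reply below notes, is outside what this check can see.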

saagarjha | 1 year ago

They load a kernel driver so your avoidance of LD_PRELOAD wouldn’t really be able to protect against this anyway.

gorgonical | 1 year ago

Unless I misread, they don't state exactly how the attack escalates privileges to install the driver. Could there be two versions of the attack with varying levels of severity?