top | item 45607828

(no title)

Question... if you change the path wouldn't a decent security tool be able to identify that it is a different executable? Also, if you are allowing an executable to access a directory then the executable should also be protected. Thoughts?

discuss

richm44|4 months ago

If that same tool is unable to spot LD_PRELOAD in use then I'd suggest getting a new one. :-)

blibble|4 months ago

there aren't any decent security tools

it's snake oil

assume each and every VM is born compromised and deal with them accordingly

nathan_naveen|4 months ago

VMs are themselves untrustworthy we should be computing with paper and pencil (and flipping bits with an eraser)... Lol!

fulafel|4 months ago

I think you'd get a better reception if you started out talking about a digital forensics scenario, and not a vulnerability. There are a lot of ways to install backdoors and rootkits but the mechanisms used aren't called vulnerabilities in estabilished terminology.