fdlopen(3)

Dag-Erling Smørgrav des at des.no
Thu Dec 29 18:04:41 UTC 2011


Xin LI <delphij at gmail.com> writes:
> Will this prevent e.g. writes to the .so file after open, but before
> fdlopen()?

The latest version of OpenPAM checks the ownership and permissions of
modules before it loads them; it will not load modules that are writable
by anyone except root and the process's euid.  This patch prevents an
attacker from switching the .so file between the ownership checks and the
dlopen(3) call.

DES
-- 
Dag-Erling Smørgrav - des at des.no
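
Added example, not part of the original message and not OpenPAM's own code: a sketch of the check-then-load pattern described above, where the ownership and permission checks run with fstat(2) on an already-open descriptor and that same descriptor is passed to fdlopen(3). The function names are hypothetical, and the policy (owner is root or the euid, no group or other write bit, regular file only) is an assumed reading of the message.

```c
#include <dlfcn.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: returns 0 if the file behind fd passes the assumed
 * policy, -1 otherwise. Because the checks use fstat(2) on the descriptor,
 * they describe the exact file that will be loaded, not whatever the path
 * happens to name a moment later.
 */
int check_module_fd(int fd, uid_t euid)
{
    struct stat sb;

    if (fstat(fd, &sb) != 0)
        return -1;
    if (!S_ISREG(sb.st_mode))                  /* assumption: regular files only */
        return -1;
    if (sb.st_uid != 0 && sb.st_uid != euid)   /* owner must be root or euid */
        return -1;
    if (sb.st_mode & (S_IWGRP | S_IWOTH))      /* no group/other write access */
        return -1;
    return 0;
}

/*
 * Hypothetical loader: open once, check the descriptor, load the same
 * descriptor. Replacing the file at `path` after open(2) has no effect on
 * what gets checked or loaded.
 */
void *load_checked_module(const char *path)
{
    void *handle = NULL;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return NULL;
    if (check_module_fd(fd, geteuid()) == 0) {
#ifdef __FreeBSD__
        handle = fdlopen(fd, RTLD_NOW);        /* FreeBSD-specific call */
#endif                                         /* elsewhere: handle stays NULL */
    }
    close(fd);
    return handle;
}
```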

