|
|
|
|
|
|
by Stammon
2259 days ago
|
|
|
I'm afraid this tool is very easy to circumvent. It only checks the first argument to a syscall for containing a forbidden path. But for example openAt gets it's path as the second argument. http://man7.org/linux/man-pages/man2/openat.2.html This tool is a nice demo for how to use ptrace in golang. BUT PLEASE CHECK THE CODE BEFORE USING THIS FOR ANYTHING SECURITY RELATED |
|
|
[0]: http://man7.org/linux/man-pages/man2/renameat.2.html