by robertdfrench
36 days ago
> The game was lost as soon as the attacker had arbitrary code installed in a semi-common library.

That is not quite true! You still have to get the code to be executed. I can call dlopen on a malicious library, load it into my address space, and still not necessarily invoke any dangerous functions. What ifunc did in this case is allow the attacker to manipulate symbols so that calls to real, well-behaved xz routines were instead redirected to the attack payload.
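An added example, not part of the comment above or of any project's code: a defender-side audit that lists the symbols of type `STT_GNU_IFUNC` in a little-endian ELF64 image, that is, the symbols whose final address is chosen by resolver code at load time. The sample image and the symbol names `checksum` and `decode` are constructed for illustration.

```python
import struct

SHT_SYMTAB, SHT_DYNSYM = 2, 11
STT_GNU_IFUNC = 10  # symbol whose address is picked by resolver code at load time

def ifunc_symbols(elf: bytes) -> list:
    """Return the names of STT_GNU_IFUNC symbols in a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("expected a little-endian ELF64 image")
    (e_shoff,) = struct.unpack_from("<Q", elf, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 0x3A)
    # Elf64_Shdr fields: name, type, flags, addr, offset, size, link, info, align, entsize
    sections = [struct.unpack_from("<IIQQQQIIQQ", elf, e_shoff + i * e_shentsize)
                for i in range(e_shnum)]
    found = []
    for sh in sections:
        if sh[1] not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        str_off = sections[sh[6]][4]  # sh_link names the matching string table
        for off in range(sh[4], sh[4] + sh[5], 24):  # 24 = sizeof(Elf64_Sym)
            st_name, st_info = struct.unpack_from("<IB", elf, off)
            if st_info & 0xF == STT_GNU_IFUNC:  # low nibble of st_info is the type
                start = str_off + st_name
                found.append(elf[start:elf.index(b"\0", start)].decode())
    return found

def build_sample() -> bytes:
    """Constructed image: null section, .dynsym with three symbols, .dynstr."""
    strtab = b"\0checksum\0decode\0"
    def sym(name, info):  # st_info = (binding << 4) | type
        return struct.pack("<IBBHQQ", name, info, 0, 1, 0, 0)
    symtab = sym(0, 0) + sym(1, 0x1A) + sym(10, 0x12)  # GLOBAL IFUNC, GLOBAL FUNC
    sym_off, str_off = 64, 64 + len(symtab)
    shoff = str_off + len(strtab)
    def shdr(typ, off, size, link):
        return struct.pack("<IIQQQQIIQQ", 0, typ, 0, 0, off, size, link, 0, 0, 0)
    header = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    return (header + symtab + strtab + shdr(0, 0, 0, 0)
            + shdr(SHT_DYNSYM, sym_off, len(symtab), 2) + shdr(3, str_off, len(strtab), 0))

if __name__ == "__main__":
    print(ifunc_symbols(build_sample()))
```

Run against a real shared object with `ifunc_symbols(open(path, "rb").read())`; an unexpected entry in the result is a symbol worth reviewing alongside its resolver.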