[Cialug] Re: [amesfug] Nix Shared Code Injection

Jonathan A. Kollasch jakllsch at kollasch.net
Thu Jan 5 13:19:31 CST 2006


On Thu, Jan 05, 2006 at 01:05:38PM -0600, Chris Hilton wrote:
> I've got a theoretical question.  It's come to my attention that the way in 
> which a lot of spyware works is through some API's in Windows (apparently 
> written for debuggers)  by injecting a dll into another running process.  The 
> standard process permissions apply, but you can inject from say bob.exe into 
> iexplorer.exe.
> My question is about Nix though.  Does anyone know if this can be done on Nix?

Well, it's been my understanding that nix is designed to keep processes
separate, esp. different user's processes.  As I understand it, processes
can't communicate with each other without explicitly allowing another
process to attach.

The dynamic linker can load additional code into a program however
(at least at start time).  But I think a program would need hooks
to do a spyware-like application.

Anyway wasn't a "virtual machine" multitasking model an after
thought in Windows?

> I've looked into Sys V IPC for shared memory and mmap and neither look like 
> you could involuntarily to anything to another processes memory space (it'd 
> have to open the same IPC location if I read correctly).
> I also looked at processes look like under gdb, and not under it:  They look 
> exactly the same.  I compared /proc/`pidof procName`/maps to compare.
>
> I'm not finding anything to suggest a way to do this, at least not a way that 
> wouldn't be against what the documentation says.  Does anyone know more about 
> this?  It's peaked my curiousity.

You probably know more than I.

	Jonathan Kollasch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://cialug.org/pipermail/cialug/attachments/20060105/54e0c509/attachment.pgp


More information about the Cialug mailing list