I'm not sure how it's relevant exactly to TFA. The mechanism of propagation is a... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

jiveturkey on April 30, 2024 | parent | context | favorite | on: I Built an Ld_preload Worm

I'm not sure how it's relevant exactly to TFA. The mechanism of propagation is an existing feature of libdl that uses an environment variable. With this worm, the loader still runs exactly as before, from libc and libdl.

As to restricting syscalls from certain calling libraries, macOS has this via entitlements, and I believe OpenBSD and/or NetBSD has this in some form as well.

saagarjha on April 30, 2024 [–]

Entitlements cannot protect against things in your own process. They are always used to gate clients either across a kernel-user or XPC boundary.

jiveturkey on April 30, 2024 | [–]

isn't that exactly what the parent was asking for? limiting syscalls.

EDIT: oh. but not limited to the caller from a specific system library.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact