Hacker News
bcoates on Dec 17, 2012 | on: Linux terminal keylogger in userspace
Is there a way to send a secure attention command to su/sudo to protect against this?
Spidler on Dec 17, 2012
Well, su/sudo are suid bit programs, so that means LD_PRELOAD doesn't work on them.
pea-tear on Dec 17, 2012
That's what this app does, it uses LD_PRELOAD to perform keylogging on both non-suid and suid apps.
iopuy on Dec 17, 2012
Echo the LD_PRELOAD environment variable first and check for anything suspect.
lordlicorice on Dec 17, 2012
Unless the shared object file also includes an override for the function that expands environment variables to lie about the true value of LD_PRELOAD.
est on Dec 17, 2012
the twist: echo is also hijacked...
iopuy on Dec 17, 2012
Okay... just type "export" then.
DannyBee on Dec 17, 2012
Okay, so now the getenv call is hijacked too. You can play this game all day; as long as the environment is stored in user space, you can get it and fake the output.
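Editor's added example (not part of the thread): since the exchange above turns on where the LD_PRELOAD value is read from, this sketch inspects a target process from the outside through `/proc/<pid>/environ` and `/proc/<pid>/maps` instead of asking the possibly hooked shell. It assumes Linux and that the checker itself runs in a process that is not hooked; the function names, `TRUSTED_PREFIXES` and the sample data are constructed for illustration.

```python
#!/usr/bin/env python3
"""Inspect a process for preloaded libraries via /proc (Linux only)."""
import sys

# Assumption: directories treated as normal library locations on this host.
TRUSTED_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# Constructed sample input, shaped like /proc/<pid>/environ and /proc/<pid>/maps.
SAMPLE_ENVIRON = b"HOME=/home/alice\0LD_PRELOAD=/tmp/.cache/libx.so\0SHELL=/bin/bash\0"
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a2c000 r-xp 00000000 08:01 1311 /usr/bin/bash
7f3a1c000000-7f3a1c1a0000 r-xp 00000000 08:01 2211 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c400000-7f3a1c402000 r-xp 00000000 08:01 9001 /tmp/.cache/libx.so
7f3a1c402000-7f3a1c403000 rw-p 00002000 08:01 9001 /tmp/.cache/libx.so
7ffd1b5fe000-7ffd1b600000 r-xp 00000000 00:00 0 [vdso]
"""


def preload_from_environ(blob):
    """Return LD_PRELOAD entries from a NUL-separated environ blob."""
    for entry in blob.split(b"\0"):
        if entry.startswith(b"LD_PRELOAD="):
            value = entry[len(b"LD_PRELOAD="):].decode(errors="replace")
            # The dynamic linker accepts both spaces and colons as separators.
            return value.replace(":", " ").split()
    return []


def untrusted_mappings(maps_text, trusted=TRUSTED_PREFIXES):
    """Return shared objects mapped executable from outside the trusted dirs."""
    found = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing path
        perms, path = fields[1], fields[5].strip()
        # A path ending in " (deleted)" still matches and is reported.
        if "x" in perms and ".so" in path and not path.startswith(trusted):
            if path not in found:
                found.append(path)
    return found


if __name__ == "__main__":
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    with open(f"/proc/{pid}/environ", "rb") as f:
        print("LD_PRELOAD in environ:", preload_from_environ(f.read()))
    with open(f"/proc/{pid}/maps") as f:
        print("untrusted mapped objects:", untrusted_mappings(f.read()))
```

Reading another user's process this way requires matching privileges, and the mapping list will also report legitimate libraries installed outside the listed prefixes.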
AYBABTME on Dec 17, 2012
One way I can think of would be with a 2-factor authentication, such as:
http://wiki.gentoo.org/wiki/Google_Authenticator