On Tue, 2 Oct 2001, Rob Landley wrote:
> Anybody want to venture an opinion why overwriting executable files that are
> currently in use gives you a "text file busy" error, but overwriting shared
> libraries that are in use apparently works just fine (modulo a core dump if
> you aren't subtle about your run-time patching)?
> Permissions are still enforced, but it seems to me somebody who cracks root
> on a system could potentially modify the behavior of important system daemons
> without changing their process ID numbers.
> Did I miss something somewhere?
Somebody who cracks root can attach gdb to a daemon, modify the contents of
its text segment and detach. No need to change any files...
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to email@example.com
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Oct 07 2001 - 21:00:26 EST