From the course: Threat Modeling: Spoofing In Depth
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Libraries (LD_PATH, %Downloads%)
From the course: Threat Modeling: Spoofing In Depth
Libraries (LD_PATH, %Downloads%)
- Libraries are special. They're files full of code that my code relies on, so it would be crazy to be lazy or hazy about the file I'm opening, right? Absolutely. And there are a few categories of failure which include trusting directories with weak permissions, environment variables which alter load behavior, and tools which are designed to manage the libraries in use. Directories with weak permissions include temp and the downloads directory. Running code from downloads is common behavior, and so drive-by download attacks include dropping DLLs which common installers will use. Weak permissions can also be an issue with references to the current or working directory with references like ./library.so. Do you know what directory that will reference? This can be more of an issue for privileged or set UID code where an attacker might want to manipulate what library gets loaded to take advantage of privilege. Environment variables like LD library path were also used for this purpose…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.