[–] Stammon 6y ago ↗ I'm afraid this tool is very easy to circumvent. It only checks the first argument to a syscall for containing a forbidden path.But for example openAt gets it's path as the second argument.http://man7.org/linux/man-pages/man2/openat.2.htmlThis tool is a nice demo for how to use ptrace in golang. BUT PLEASE CHECK THE CODE BEFORE USING THIS FOR ANYTHING SECURITY RELATED [–] Stammon 6y ago ↗ Edit: OpenAt is not a valid counterexample since the program checks file descriptors. But e.g renameAt[0] allows to overwrite protected files. There are numerous other options to circumvent that tool too.[0]: http://man7.org/linux/man-pages/man2/renameat.2.html
[–] Stammon 6y ago ↗ Edit: OpenAt is not a valid counterexample since the program checks file descriptors. But e.g renameAt[0] allows to overwrite protected files. There are numerous other options to circumvent that tool too.[0]: http://man7.org/linux/man-pages/man2/renameat.2.html
2 comments
[ 3.1 ms ] story [ 17.9 ms ] threadBut for example openAt gets it's path as the second argument.
http://man7.org/linux/man-pages/man2/openat.2.html
This tool is a nice demo for how to use ptrace in golang. BUT PLEASE CHECK THE CODE BEFORE USING THIS FOR ANYTHING SECURITY RELATED
[0]: http://man7.org/linux/man-pages/man2/renameat.2.html