On Fri, Jul 17, 2020 at 10:14 AM Malte Kraus
On Fri, 2020-07-17 at 09:56 -0400, Cristian Rodríguez wrote:
Of course this came to mind... but I was looking at a system-wide thing that could possibly run at very early boot and maybe raise Cthulhu if something lame like fopen("/tmp/fixednamewithoutdotrandompart", "wb") is used by an application.
There's the LD_PRELOAD-based PathAuditor [1]. It would be interesting to see if it can boot up a full openSUSE system, and what it finds.

cat Dockerfile
FROM opensuse/tumbleweed
RUN zypper -n install --no-recommends gcc-c++ bazel systemd strace vim gdb
COPY . /pathauditor/
RUN cd /pathauditor && bazel build //pathauditor/libc:libpath_auditor.so
RUN echo "/pathauditor/bazel-bin/pathauditor/libc/libpath_auditor.so" > /etc/ld.so.preload
CMD [ "/usr/lib/systemd/systemd" ]

Kinda works with podman (because docker does not play nice with systemd). In the initial boot some false positives are shown, and the UTS namespace didn't work for me, but it could otherwise be used to find some interesting problems in apps ;)
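
The fopen() case from the quoted message, as an added example that is not part of the thread or of PathAuditor: the same fixed-name write done with fopen("wb") and with open(O_CREAT|O_EXCL), run against a name that already exists as a symlink. The directory, file names and helper functions are constructed for the illustration, and everything happens inside a private mkdtemp() directory.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Pattern from the thread: fixed name, fopen() follows a pre-existing symlink. */
static int write_unsafe(const char *path, const char *msg) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    fputs(msg, f);
    return fclose(f);
}

/* Hardened: O_EXCL fails if anything (file or symlink) already has that name. */
static int write_exclusive(const char *path, const char *msg) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, msg, strlen(msg));
    return (close(fd) == 0 && n == (ssize_t)strlen(msg)) ? 0 : -1;
}

/* Constructed scenario in a private mkdtemp() directory: a symlink already sits
 * at the fixed name and points at "victim". Returns 1 if victim was overwritten. */
int victim_clobbered(int hardened) {
    char dir[] = "/tmp/fixedname-demo.XXXXXX", victim[64], fixed[64], buf[16] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/fixedname", dir);
    write_exclusive(victim, "original");
    if (symlink(victim, fixed) != 0) return -1;

    if (hardened) write_exclusive(fixed, "app data");
    else          write_unsafe(fixed, "app data");

    FILE *f = fopen(victim, "rb");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    unlink(fixed); unlink(victim); rmdir(dir);
    return strcmp(buf, "original") != 0;
}

int main(void) {
    printf("fopen(\"wb\"):     victim overwritten = %d\n", victim_clobbered(0));
    printf("O_CREAT|O_EXCL: victim overwritten = %d\n", victim_clobbered(1));
    return 0;
}
```

When the file name does not have to be fixed, mkstemp() is the usual replacement, since it combines an unpredictable name with the same exclusive create.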