Re: [Alsa-devel] OSS driver removal, 2nd round

From: Lee Revell
Date: Sun Jul 02 2006 - 17:14:31 EST


On Sun, 2006-07-02 at 23:08 +0200, Jan Engelhardt wrote:
> >> Well you could patch the affected plugin's .dynstr table so that it should at
> >> best try to call a function that has not yet been defined somewhere else (like
> >> open); IOW, you change the .dynstr entry from 'open' to say 'my_open', and
> >> regularly include libmy.so through e.g. LD_PRELOAD.
> >>
> >> Of course the MD5 won't match afterwards, but I think the plugin should execute
> >> as usual afterwards, since .dynstr is something no app should rely on.
> >
> >Is this likely to work with an app like Skype that takes extensive steps
> >to thwart reverse engineers?
>
> We do not reverse engineer the .text section, but change the .dynstr
> section that is specific to the ELF format. I doubt any app out there md5s
> itself.
>

It's possible. They certainly try very hard to thwart reverse
engineers.

http://www.secdev.org/conf/skype_BHEU06.handout.pdf

Lee


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/