Context
/etc/ld.so.preload is a system-wide injection vector. No monitoring of its creation/modification.
Work
- Extend
daemon/self_protect.c watchdog: stat() on /etc/ld.so.preload. If exists and wasn't at baseline, emit event.
- New
cheats/ld_so_preload_writer.c
- Modify
tests/test_self_protect.c
Tests
3 unit + 1 E2E.
Part of v2.0.0
Context
/etc/ld.so.preload is a system-wide injection vector. No monitoring of its creation/modification.
Work
daemon/self_protect.cwatchdog: stat() on /etc/ld.so.preload. If exists and wasn't at baseline, emit event.cheats/ld_so_preload_writer.ctests/test_self_protect.cTests
3 unit + 1 E2E.
Part of v2.0.0