Bypassing Security Protections by Backdooring libc

Presented at REcon 2008, June 14, 2008, 3:30 p.m. (30 minutes)

In this short talk, I will describe several methods obtaining root after obtaining a normal user account without actually exploiting anyhting except the inherent flaws in the typical UNIX security model. This is proof of concept talk to stimulate discussion and motivation for implementing better security models in UNIX.


Presenters:

  • Anthony de Almeida Lopes
    Anthony de Almeida Lopes is a computer security researcher and software developer at Outpost24 AB, in Sweden. Prior to working with Outpost24 AB, he worked for Dyad Security, in California. His research focuses on novel virus technology development and protection and non-specific exploitation of UNIX systems. Previously, at RECON 2006, he gave a talk on a proof of concept virus that took advantage of the NOP areas in executables generated for x86 UNIX, Windows and MacOS X systems for the purpose of increasing difficulty in detection.

Links:

Similar Presentations: