
Re: Security issues question in the Files Transfer system of D-Rats


 

Yeah Glen, I like the ideas about the Symlinks from Mark... I think in Windows the equivalent of /dev/null is $NULL from PowerShell or NUL from a command prompt...


On Sun, Feb 14, 2021 at 11:05 AM Mark via <markwaldron1=[email protected]> wrote:

You'd have to iron out the particulars and exact syntax, but why not dump the temp directory contents to /dev/null?

This could be tuned on/off as desired, as well.

Other options:
  • LD_PRELOAD: "Another approach would be a LD_PRELOAD wrapper; basically a small shared library which is loaded before libc.so, and intercepts calls to "open" with something that checks the prospective file path and substitutes "/dev/null" if it would be in the target directory. This has the advantage of being (a) entirely in user-space - no kernel hacking required; and (b) only affecting the single errant application. A simple example is at
  • Look into FUSE.

  • A simple script to clobber any/all contents of the shared folder that runs often.
  • SymLink shared folder contents to /dev/null.
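
The LD_PRELOAD option quoted in the list above, sketched as an added example for Linux/glibc; it is not code from this thread or from D-Rats. The NULLIFY_DIR environment variable and the inside_dir() helper are names assumed for the illustration.

```c
/* nullify.c (added example). Build: gcc -shared -fPIC -o nullify.so nullify.c -ldl
 * Use: NULLIFY_DIR=/path/to/shared LD_PRELOAD=./nullify.so <program> */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <fcntl.h>
#include <limits.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>

#ifndef RTLD_NEXT               /* hidden if a header came before _GNU_SOURCE */
#define RTLD_NEXT ((void *)-1L) /* glibc's value */
#endif

/* Return 1 if the directory holding `path` is `dir` or lies below it, else 0. */
int inside_dir(const char *path, const char *dir)
{
    char parent[PATH_MAX], real_parent[PATH_MAX], real_dir[PATH_MAX];
    const char *slash = strrchr(path, '/');
    size_t n;

    if (strlen(path) >= PATH_MAX) return 0;
    if (slash == NULL) strcpy(parent, ".");
    else if (slash == path) strcpy(parent, "/");
    else { memcpy(parent, path, slash - path); parent[slash - path] = '\0'; }
    /* The file may not exist yet, so resolve symlinks and ".." in its parent. */
    if (!realpath(parent, real_parent) || !realpath(dir, real_dir)) return 0;
    n = strlen(real_dir);
    /* Match whole components: /srv/shared must not match /srv/shared-old. */
    return strncmp(real_parent, real_dir, n) == 0 &&
           (real_parent[n] == '/' || real_parent[n] == '\0');
}

/* Interposed open(): resolved before libc's because the library is preloaded. */
int open(const char *path, int flags, ...)
{
    static int (*real_open)(const char *, int, ...);
    const char *dir = getenv("NULLIFY_DIR");
    int mode = 0;

    if (flags & O_CREAT) {      /* the mode argument exists only with O_CREAT */
        va_list ap;
        va_start(ap, flags); mode = va_arg(ap, int); va_end(ap);
    }
    if (!real_open)
        real_open = (int (*)(const char *, int, ...))dlsym(RTLD_NEXT, "open");
    if (dir && inside_dir(path, dir))   /* file is never created; data is dropped */
        return real_open("/dev/null", flags & ~(O_CREAT | O_EXCL));
    return real_open(path, flags, mode);
}
```

Only open() is covered here: a program that reaches the directory through open64(), openat(), creat() or fopen() bypasses the wrapper, so each of those needs the same treatment before relying on it.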
