Différences

Ci-dessous, les différences entre deux révisions de la page.

--- tech:notes_langage_c [2025/03/24 15:06] – créée - modification externe 127.0.0.1
+++ tech:notes_langage_c [2025/10/05 02:24] (Version actuelle) – Jean-Baptiste
@@ Ligne 51: / Ligne 51: @@
+== Surcharger un symbole
+Voir :
+https://stackoverflow.com/questions/2146059/limiting-syscall-access-for-a-linux-application
+Is the application linked statically?
+If not, you may override some symbols, for example, let's redefine socket:
+int socket(int domain, int type, int protocol)
+{
+        write(1,"Error\n",6);
+        return -1;
+}
+Then build a shared library:
+gcc -fPIC -shared test.c -o libtest.so
+Let's run:
+nc -l -p 6000
+Ok.
+And now:
+$ LD_PRELOAD=./libtest.so nc -l -p 6000
+Error
+Can't get socket
+What happens when you run with variable LD_PRELOAD=./libtest.so? It overrides with symbols defined in libtest.so over those defined in the C library.
+== Sécurité
+<code ->
+$ man gets
+...
+(DEPRECATED)
+Never use this function.
+BUGS
+       Never  use  gets().   Because  it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the
+       buffer, it is extremely dangerous to use.  It has been used to break computer security.  Use fgets() instead.
+       For more information, see CWE-242 (aka "Use of Inherently Dangerous Function") at http://cwe.mitre.org/data/definitions/242.html
+...
+</code>