Friday, February 5, 2010

Runtime hot-patching processes w/o ptrace

I am a fan of achieving the same result with multiple, different,
solutions/implementations. In computer science (and security
in particular) this leads to real benefit and cutting edge
because if you have more ways to do it, you are not limited
or bound to techniques that may change, evolve or are
hardened/dropped completely. One such example is the injectso
I recently published. It uses ptrace(), but if you think
removing ptrace() from the kernel is a plus, have a look
at lasso. It does the same thing without using ptrace().


There is more than one way to Milano. 8-)


1 comment:

Anonymous said...

I guessed /proc/pid/mem, but I was wrong :-)

Fun idea.