HackerTrans
トップ新着トレンドコメント過去質問紹介求人

MonkeeSage

no profile record

コメント

MonkeeSage
·2 年前·議論
Essentially the code patches ifunc resolvers to call into a supplied malicious object by surreptitiously modifying c files at build time (when ./configure && make is run) and links the compromised object files with a `now` linker flag that causes the ifuncs to be resolved immediately at library load time, which calls the patched resolvers while the process linkage table is still writable, which is the important part that allows them to just hijack the RSA_public_decrypt function in memory when the library is loaded.

There's an excellent technical breakdown of the backdoor *injection process here: https://research.swtch.com/xz-script