Not a real solution, because if LD_PRELOAD is already set, then the shell you type unset into might be overloaded as we'll, already.
You can't trust strcmp() or getenv() either, since the preloaded lib could be hooking them on you. I've was able to write a stealthed lib which successfully hides itself from calls to getenv, and ignore attempts to unset env vars. Manually walking the environment pointer reveals it, of course. On 6/11/08, Alexander W. Janssen <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > michael graffam schrieb: >> Thoughts? > > Run "unset LD_PRELOAD" before running gnupg if you don't trust the system? > > It's an inherent feature of the loader. Compiling everthing statically > only works around this inherent feature/problem, however you call it. > And it wouldn't prevent any other keyloggers or flaws in drivers. > > Just my 2c though. > >> -M > > Alex. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iQCVAwUBSE/3AxYlVVSQ3uFxAQJDywQAuFndAr3Woy5cEzZr8rU3kUz5ITHiKcRI > Vul18f+/qCYTnGnl6ipudePe3b0qycF83LxMvDO7sH9jQOud9vViLKAygqx77dBv > tgowk3H37gd/91QkZCfpLV05Im60sCX+d+4a9FDzKF8vcsA8ac1EIVUbbUOsftBv > VDrNMn6nTjo= > =64mR > -----END PGP SIGNATURE----- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Sent from Gmail for mobile | mobile.google.com _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
