JNI Signal Chaining and OWASP (Security)

Nico Williams Nico.Williams at twosigma.com
Fri Apr 12 19:52:50 UTC 2019


You could simply move the original JNI DLL out of the way and replace it
with a wrapper that does the signal handler setup in a .init section and
otherwise has stubs for all entry points that simply call the real (now
renamed) DLL.

In Solaris/Illumos we'd call that wrapper a "filter", and Solaris/
Illumos has tools to make building a filter easier, but the concept is
general enough and you can build the same sort of thing on Linux and
Windows just as well.

Again, this is still code injection.  It's still likely to cause false
alerts.  Again, I recommend taking this up with the vendors of the
relevant security analysis tools.

Nico
-- 
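The `.init` part of such a wrapper, as an added example that is not code from this message or from any project: a constructor saves the signal disposition it finds at load time and chains to it. The choice of signal, the chaining policy and every `filter_*` name are assumptions; the forwarding stubs to the renamed library are not shown.

```c
/* Constructed example: init-section signal setup for a filter library. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>

#define FILTER_NSIG 65                        /* Linux numbers signals 1..64 */
static struct sigaction saved[FILTER_NSIG];   /* dispositions found at load */
static volatile sig_atomic_t installed[FILTER_NSIG], filter_hits, prior_hits;

/* Wrapper's handler: count the signal, then pass it to the earlier owner. */
static void filter_handler(int sig, siginfo_t *info, void *uctx)
{
    const struct sigaction *old = &saved[sig];
    filter_hits++;
    if (old->sa_flags & SA_SIGINFO)
        old->sa_sigaction(sig, info, uctx);
    else if (old->sa_handler == SIG_DFL) {
        signal(sig, SIG_DFL);                 /* restore the default action */
        raise(sig);                           /* delivered once we return */
    } else if (old->sa_handler != SIG_IGN)
        old->sa_handler(sig);
}

/* Hypothetical helper: save the current disposition, then install ours. */
int filter_chain_signal(int sig)
{
    struct sigaction sa;
    if (sig <= 0 || sig >= FILTER_NSIG) return -1;
    if (installed[sig]) return 0;             /* never chain to ourselves */
    if (sigaction(sig, NULL, &saved[sig]) != 0) return -1;
    memset(&sa, 0, sizeof sa);
    sigemptyset(&sa.sa_mask);
    sa.sa_sigaction = filter_handler;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(sig, &sa, NULL) != 0) return -1;
    installed[sig] = 1;
    return 0;
}

/* Runs from the init section when the loader maps the wrapper. */
__attribute__((constructor)) static void filter_init(void)
{
    filter_chain_signal(SIGUSR1);             /* SIGUSR1 is a stand-in signal */
}

static void prior_owner(int sig) { (void)sig; prior_hits++; }

/* Demo: a handler installed before the wrapper still runs after chaining. */
int filter_demo(void)
{
    signal(SIGUSR2, prior_owner);
    if (filter_chain_signal(SIGUSR2) != 0) return -1;
    raise(SIGUSR2);
    return filter_hits == 1 && prior_hits == 1;   /* 1: both handlers ran once */
}
```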


