JNI Signal Chaining and OWASP (Security)
Hank Edwards
hedwards at crawfordtech.com
Fri Apr 12 20:24:06 UTC 2019
Hi Nico;
Thanks for the suggestion; I was not aware the libjsig.so could be loaded like that. I'm assuming you mean a loadlibrary("jsig"); in the .init. It would also work I suppose to just add the .init to the original shared library going forwards too, instead of putting a wrapper library in between? I'll give that a try.
Regards;
Hank
Hank Edwards
Manager, Software Development
+1.416.923.0080
hedwards at crawfordtech.com
CRAWFORD TECHNOLOGIES INC.
60 St. Clair Avenue East, Suite 1002
Toronto, ON, Canada, M4T 1N5
http://www.crawfordtech.com
-----Original Message-----
From: Nico Williams <Nico.Williams at twosigma.com>
Sent: Friday, April 12, 2019 3:53 PM
To: Hank Edwards <hedwards at crawfordtech.com>
Cc: security-dev at openjdk.java.net
Subject: Re: JNI Signal Chaining and OWASP (Security)
You could simply move the original JNI DLL out of the way and replace it with a wrapper that does the signal handler setup in a .init section and otherwise has stubs for all entry points that simply call the real (now renamed) DLL.
In Solaris/Illumos we'd call that wrapper a "filter", and Solaris/Illumos has tools to make building a filter easier, but the concept is general enough and you can build the same sort of thing on Linux and Windows just as well.
Again, this is still code injection. It's still likely to cause false alerts. Again, I recommend taking this up with the vendors of the relevant security analysis tools.
Nico
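The load-time signal handler setup that the quoted message assigns to the wrapper's .init section, as an added example that is not code from this thread or from OpenJDK. It assumes the setup means installing a handler that chains to whatever handler was already in place; `wrapper_install`, `chain_handler`, `BUILD_WRAPPER_LIB` and the choice of SIGUSR1 are hypothetical, and the forwarding stubs for the renamed library are left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>

static struct sigaction earlier;   /* disposition found when the wrapper loaded */
static volatile sig_atomic_t wrapper_hits, earlier_hits;

/* Wrapper's handler: do its own work, then pass the signal on unchanged. */
static void chain_handler(int sig, siginfo_t *info, void *ctx)
{
    wrapper_hits++;
    if (earlier.sa_flags & SA_SIGINFO) {
        earlier.sa_sigaction(sig, info, ctx);
    } else if (earlier.sa_handler == SIG_DFL) {
        sigaction(sig, &earlier, NULL);   /* restore the default action ... */
        raise(sig);                       /* ... and let it run after we return */
    } else if (earlier.sa_handler != SIG_IGN) {
        earlier.sa_handler(sig);
    }
}

/* Install chain_handler for sig, remembering what was there. Returns 0 on success. */
int wrapper_install(int sig)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = chain_handler;
    sa.sa_flags = SA_SIGINFO | SA_RESTART;
    sigemptyset(&sa.sa_mask);
    return sigaction(sig, &sa, &earlier);
}

#ifdef BUILD_WRAPPER_LIB   /* hypothetical macro: set when building the wrapper .so */
/* Runs from the library's initialisation code, before any stub can be called. */
__attribute__((constructor)) static void wrapper_init(void) { wrapper_install(SIGUSR1); }
#endif

/* Constructed stand-in for a handler the host process installed first. */
static void host_handler(int sig) { (void)sig; earlier_hits++; }

/* Returns 1 when one delivery reaches both the wrapper and the earlier handler. */
int chained_delivery(int sig)
{
    struct sigaction host;
    memset(&host, 0, sizeof host);
    host.sa_handler = host_handler;
    sigemptyset(&host.sa_mask);
    wrapper_hits = earlier_hits = 0;
    if (sigaction(sig, &host, NULL) != 0 || wrapper_install(sig) != 0) return 0;
    raise(sig);
    return wrapper_hits == 1 && earlier_hits == 1;
}
```
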