This kind of thing is quite difficult to do generally, because it is very easy t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		saagarjha on April 3, 2024 \| parent \| context \| favorite \| on: Xzbot: Notes, honeypot, and exploit demo for the x... This kind of thing is quite difficult to do generally, because it is very easy to bypass, has significant performance impact, and has low reliability to boot.

acdha on April 4, 2024 [–]

I’m not saying it’s trivial, but in this case couldn’t you basically do W^X and watch process startup for anomalous behavior? Monkey-patching other libraries’ code should be pretty uncommon.

saagarjha on April 7, 2024 | [–]

That's not what liblzma is doing, it's patching GOT entries which are pure data.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact