On 17 Jul 2011, at 2:00pm, Pavel Ivanov wrote: >> I can only control the databases and the libsqlite.so. >> Is everything clear? > > How do you do that, I wonder? Why do you think that applications you > don't control will always use your libsqlite.so? They may not use > libsqlite.so at all (compile SQLite sources into application) or use > whatever library they want even by simple providing their own value of > LD_LIBRARY_PATH. So what makes you think that you control > libsqlite.so?
Suppose I wanted to subvert an existing application that kept data in a SQLite database, I might not be able to modify the application itself, and might not have access to the database file. It would be really useful to be able to replace the app's SQLite library with my own, where I could secretly observe/modify the SQL calls made by the application. Of course my hacked SQLite library would have to be able to tell the difference between being called the app that adds interest to bank accounts (which should add interest to my special account), but the weekly reports app shouldn't see it. Using the process name would probably help there. I'm just saying. Simon. _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
