top | item 45607263

danielhlockard | 4 months ago

Dear lord. This is not new. ld_preload to do things like this existed even back when I was doing Cyber Defense Competitions at Iowa State back in '07

bpt3 | 4 months ago

Yep. Every few months, someone learns about this, thinks they've made a new discovery, and writes a breathless blog post imagining the possibilities of what can be done with it.

Spoiler alert, you almost certainly have been completely pwned already if someone can set LD_PRELOAD or modify /etc/ld.so.conf.

Retr0id | 4 months ago

LD_PRELOAD "works as designed" but people who don't know about it often make false assumptions, leading to exploitable bugs.

One such assumption is "if /bin/foo is a trustworthy executable then any process with /proc/pid/exe pointing to /bin/foo is trustworthy"
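The false assumption in the comment above, and the "someone can set LD_PRELOAD or modify the loader config" point in the earlier reply, can be turned into a concrete defender-side check. The following is an added example, not code from anyone in this thread: it decides whether a process is trustworthy by looking past `/proc/<pid>/exe` at the process environment (`/proc/<pid>/environ`) and the system-wide `/etc/ld.so.preload` file, both of which cause the dynamic loader to map extra shared objects into an otherwise legitimate binary. The allowlist, the `/tmp/hook.so` path and the environ blobs are constructed sample inputs, not data from any real host.

```python
"""Added example: a process is not trustworthy just because /proc/<pid>/exe
points at a trusted binary. LD_PRELOAD (and related loader variables) in the
process environment, or an entry in /etc/ld.so.preload, mean foreign code
was mapped into it. The allowlist and sample inputs are constructed."""
import os
from dataclasses import dataclass, field

TRUSTED_EXES = {"/bin/foo", "/usr/bin/sshd"}  # hypothetical allowlist
# Environment variables the dynamic loader honours that can inject or
# redirect shared objects.
LOADER_VARS = ("LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT")


def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE blob of /proc/<pid>/environ."""
    env = {}
    for entry in raw.split(b"\0"):
        if not entry:
            continue
        key, sep, value = entry.partition(b"=")
        if sep:  # skip malformed entries without '='
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def parse_ld_so_preload(text: str) -> list:
    """/etc/ld.so.preload: library paths separated by whitespace or
    newlines; '#' starts a comment."""
    libs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            libs.extend(line.split())
    return libs


@dataclass
class Finding:
    trusted: bool
    reasons: list = field(default_factory=list)


def assess_process(exe: str, environ: bytes, ld_so_preload: str = "") -> Finding:
    """Combine the exe allowlist with the two preload channels."""
    reasons = []
    if exe not in TRUSTED_EXES:
        reasons.append(f"exe {exe} not in allowlist")
    env = parse_environ(environ)
    for var in LOADER_VARS:
        if var in env:
            reasons.append(f"{var}={env[var]!r} in process environment")
    preload = parse_ld_so_preload(ld_so_preload)
    if preload:
        reasons.append(f"/etc/ld.so.preload loads {preload}")
    return Finding(trusted=not reasons, reasons=reasons)


def assess_live(pid: int) -> Finding:
    """Same check against the real /proc on Linux. Reading another user's
    environ needs privilege; an unreadable process is reported untrusted
    rather than silently passed."""
    try:
        exe = os.readlink(f"/proc/{pid}/exe")
        with open(f"/proc/{pid}/environ", "rb") as f:
            environ = f.read()
    except OSError as e:
        return Finding(False, [f"cannot inspect pid {pid}: {e}"])
    try:
        with open("/etc/ld.so.preload") as f:
            preload = f.read()
    except OSError:
        preload = ""
    return assess_process(exe, environ, preload)


# Constructed sample inputs (not captured from any system).
CLEAN_ENV = b"PATH=/usr/bin:/bin\0HOME=/root\0"
PRELOAD_ENV = b"PATH=/usr/bin:/bin\0LD_PRELOAD=/tmp/hook.so\0HOME=/root\0"

if __name__ == "__main__":
    cases = [("/bin/foo", CLEAN_ENV, ""),
             ("/bin/foo", PRELOAD_ENV, ""),
             ("/bin/foo", CLEAN_ENV, "# system-wide\n/opt/x/hook.so\n")]
    for exe, env, pre in cases:
        f = assess_process(exe, env, pre)
        print(exe, "trusted" if f.trusted else "UNTRUSTED", f.reasons)
```

Two caveats for using this on a live host: `/proc/<pid>/environ` reflects the environment the process was started with, so a process that scrubbed its own environment still looks clean there, and the loader ignores `LD_PRELOAD` from the environment for set-user-ID binaries. Comparing the mappings in `/proc/<pid>/maps` against the binary's expected dependencies is the complementary check when the environment cannot be trusted.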

jasongill | 4 months ago

I remember using LD_PRELOAD for reverse engineering Linux binary-only apps in the late 90's so it's likely from much earlier than that, always has been a neat trick

lokar | 4 months ago

It was also a way to defeat license managers for UNIX software back in the day…

frumplestlatz | 4 months ago

It’s how I got my “license” for Apple’s discontinued Macintosh Application Environment back in the day.