ericherman / ld-preload-evil Goto Github PK
View Code? Open in Web Editor NEWmy workbook for exploring how LD_PRELOAD may be used to change program behavior
License: GNU General Public License v3.0
my workbook for exploring how LD_PRELOAD may be used to change program behavior
License: GNU General Public License v3.0
This code is like a workbook for exploring how LD_PRELOAD can be used to change the behavior of programs. CONCLUSIONS ----------- So far, I have learned that it is trivial to do "small evil" things, like changing behavior, but I do not yet see how to do "big evil" things, such as privilege escalation. Experimentally, I see two kinds of prevention (PRELOAD ignored and SUID ignored); I do not yet have a very full picture of how this is enforced or where it is enforced. My version of "man 8 ld-linix" says: For set-user-ID/set-group-ID ELF binaries, preload pathnames containing slashes are ignored, and libraries in the standard search directories are loaded only if the set-user-ID permission bit is enabled on the library file. In glibc/elf/rtld.c we see: 1484 /* The LD_PRELOAD environment variable gives list of libraries 1485 separated by white space or colons that are loaded before the 1486 executable's dependencies and prepended to the global scope 1487 list. If the binary is running setuid all elements 1488 containing a '/' are ignored since it is insecure. */ To me, LD_PRELOAD appears to be a great tool for legitimate modifying and instrumenting behavior, and does not seem to greatly widen risk of a system. COMPILING --------- At this time, the Makefile only supports linux. On linux systems, just type "make". ~/src/ld-preload-evil$ make This will build "lib.so.1.0" and "main" EXAMPLE USAGE ------------- eric@titan:~/src/ld-preload-evil$ ./main foobar eric@titan:~/src/ld-preload-evil$ LD_PRELOAD=./lib.so.1 ./main Doing evil stuff as UID: 1000, GID: 1000! foobar eric@titan:~/src/ld-preload-evil$ NO ESCALATION FROM A SUID BINARY -------------------------------- # on one system, it seems that LD_PRELOAD is not used with SUID root binaries: eric@titan:~/src/ld-preload-evil$ sudo chown root:root ./main eric@titan:~/src/ld-preload-evil$ sudo chmod 6777 ./main eric@titan:~/src/ld-preload-evil$ ls -l main -rwsrwsrwx 1 root root 11110 Oct 1 12:15 main eric@titan:~/src/ld-preload-evil$ ./main foobar eric@titan:~/src/ld-preload-evil$ LD_PRELOAD=./lib.so.1 ./main foobar eric@titan:~/src/ld-preload-evil$ # on another, it seems as if using LD_PRELOAD removes the SUIDness: eric@hinney:~/src/ld-preload-evil$ sudo chown root:root ./main eric@hinney:~/src/ld-preload-evil$ sudo chmod 6777 ./main eric@hinney:~/src/ld-preload-evil$ ls -l main -rwsrwsrwx 1 root root 11110 Oct 1 13:21 main eric@hinney:~/src/ld-preload-evil$ LD_PRELOAD=./lib.so.1 ./main Doing evil stuff as UID: 1000, GID: 1000! foobar eric@hinney:~/src/ld-preload-evil$ CONTRIBUTING ------------ Patches welcome; pull-requests welcome. Especially if you have clear demonstation of a way in which LD_PRELOAD can be used by a non-root user to do something which would scare a sysadmin. LICENSE ------- This is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.