
Why, to exploit LD_PRELOAD as shown here https://touhidshaikh.com/blog/?p=827, is the first instruction in the .c file unsetenv(LD_PRELOAD)? Is it a routine action that all shared libraries do? Or what? I've tried to run the exploit without unsetenv and the terminal was "hanging", not receiving ^C, ^Z or ^D.

Maicake

1 Answer


Environment variables such as LD_PRELOAD are inherited by child processes. The linked example overrides the _init symbol to invoke a shell using system("/bin/bash"). If the environment variable were not cleared, the process would effectively be stuck in an "infinite loop" when invoking system.

If you watch your process list (using ps aux for example), you will see a bunch of shell processes. The system library function creates a new process and executes /bin/sh -c "....". Every time, _init is executed.

Lekensteyn
  • Thanks a lot. Is the _init the function called when a shared library starts? – Maicake Mar 17 '19 at 11:37
  • Apparently it is called when it is loaded, see https://www.tldp.org/HOWTO/Program-Library-HOWTO/miscellaneous.html#INIT-AND-CLEANUP – Lekensteyn Mar 20 '19 at 01:22
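The two mechanisms the answer and the comments rely on, environment inheritance across the /bin/sh child that system()/popen() spawn, and a hook that runs when the object is loaded rather than when main() starts, can be observed directly. The following is an added example, not code from the linked blog post or from the answer above. It uses a constructed variable name, DEMO_INHERITED_VAR, in place of LD_PRELOAD so that the dynamic loader is not involved, and a GCC/Clang constructor attribute as the modern equivalent of the _init hook described in the TLDP link:

```c
// Added example: demonstrates (1) that a variable set in this process is
// visible to the child shell that popen()/system() spawn, and that
// unsetenv() before spawning stops that, and (2) that a load-time hook
// runs before main(). DEMO_INHERITED_VAR is a constructed name, not a
// real loader variable; the constructor attribute stands in for _init.
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_VAR "DEMO_INHERITED_VAR"

/* Set when the object is loaded, before main() runs. This is the same
   point at which an old-style _init (or a modern constructor) in a
   preloaded library would execute. */
static int constructor_ran = 0;

__attribute__((constructor)) static void demo_init(void) {
    constructor_ran = 1;
}

/* Returns 1 if the load-time hook has already run, 0 otherwise. */
int init_hook_ran(void) {
    return constructor_ran;
}

/* Sets DEMO_VAR in this process, optionally clears it again, then asks a
   child shell whether it can see the variable. Returns 1 if the child saw
   it, 0 if it did not, -1 on error. The child is started with popen(),
   which forks "/bin/sh -c ..." exactly as system() does, so it inherits
   whatever environment this process has at that moment. */
int child_sees_var(int clear_before_spawn) {
    if (setenv(DEMO_VAR, "1", 1) != 0)
        return -1;
    if (clear_before_spawn && unsetenv(DEMO_VAR) != 0)
        return -1;

    /* Shell command: echo "$DEMO_INHERITED_VAR" -> prints "1" or "". */
    FILE *fp = popen("echo \"$" DEMO_VAR "\"", "r");
    if (fp == NULL)
        return -1;

    char buf[64] = {0};
    if (fgets(buf, sizeof buf, fp) == NULL)
        buf[0] = '\0';
    pclose(fp);

    unsetenv(DEMO_VAR); /* leave the process environment as we found it */
    return buf[0] == '1' ? 1 : 0;
}

int main(void) {
    printf("load-time hook ran before main: %d\n", init_hook_ran());
    printf("child sees var, no unsetenv:    %d\n", child_sees_var(0));
    printf("child sees var, after unsetenv: %d\n", child_sees_var(1));
    return 0;
}
```

The second call is the situation the answer describes: once the variable is cleared before the child shell starts, the child no longer inherits it, which is why the example in the question removes LD_PRELOAD before calling system(); without that, every shell the hook spawns would load the same library and run the hook again.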