Why, to exploit LD_PRELOAD as shown here https://touhidshaikh.com/blog/?p=827, is the first instruction in the .c file unsetenv(LD_PRELOAD)? Is it a routine action that all shared libraries do, or what? I've tried to run the exploit without unsetenv and the terminal was "hanging", not receiving ^C, ^Z or ^D.
Environment variables such as LD_PRELOAD are inherited by child processes. The linked example overrides the _init symbol to invoke a shell using system("/bin/bash"). If the environment variable would not have been cleared, then it would effectively be stuck in an "infinite loop" when invoking system.

If you watch your process list (using ps aux for example), you will see a bunch of shell processes. The system library function creates a new process and executes /bin/sh -c "....". Every time, _init is executed.
Lekensteyn

- Thanks a lot. Is the _init the function called when a shared library starts? – Maicake Mar 17 '19 at 11:37
- Apparently it is called when it is loaded, see https://www.tldp.org/HOWTO/Program-Library-HOWTO/miscellaneous.html#INIT-AND-CLEANUP – Lekensteyn Mar 20 '19 at 01:22