I am trying to use LD_PRELOAD to preload a library with an application that has setuid permissions. Tried LD_PRELOAD at first, and it seemed like it was being ignored with the setuid binary, though it was working when I tried it with others like ls, dir, etc.
From the documentation of LD_PRELOAD:
LD_PRELOAD
A whitespace-separated list of additional, user-specified, ELF shared
libraries to be loaded before all others. This can be used to
selectively override functions in other shared libraries. For set-
user-ID/set-group-ID ELF binaries, only libraries in the standard
search directories that are also set-user-ID will be loaded.
I tried to put the library in /usr/lib, /usr/local/lib, and /usr/lib64 with setuid permissions as per the documentation above, but it still doesn't seem to work. If I don't give LD_PRELOAD a path in the case where I have the library in the standard dirs with setuid, it cannot seem to find the library. If I give it the path, it does not do anything.
The setuid binary is a root-permissions binary that runs in a non-root user shell. Any thoughts? Not sure if I am missing a path, an environment variable, or I am misunderstanding the documentation above.
Edit: permissions as requested are:
Library:
-rwsr-sr-x 1 root root 72580 2012-02-10 07:51
App:
-rwsr-xr-x 1 root root 137517601 2012-02-10
env | grep LD
LD_LIBRARY_PATH=/usr/lib (I added this manually myself, usually LD_LIBRARY_PATH is empty)
LD_PRELOAD cannot be used with setuid. This is a security feature in Linux.
For reference, check this article, which goes into detail on how to use LD_PRELOAD to substitute some library calls with custom code, using the example of malloc.
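
An added example, not part of the original question or answer: a small C checker, run from the shell where LD_PRELOAD is set, that applies the secure-execution rules documented in ld.so(8) to each entry (entries containing a slash are ignored; bare names must be found in a standard directory and carry the set-user-ID bit). The directory list `std_dirs` and all function names are assumptions of this example; the loader's real trusted directories are system-specific.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/auxv.h>
#include <sys/stat.h>

enum verdict { IGNORED_SLASH, NOT_FOUND, NOT_SETUID, ELIGIBLE };
static const char *verdict_text[] = {
    "ignored: contains a slash", "not found in searched directories",
    "found, but no set-user-ID bit", "eligible" };

/* Assumed directory list; the loader's real trusted list is system-specific. */
static const char *std_dirs[] = { "/lib", "/usr/lib", "/lib64", "/usr/lib64", NULL };

/* 1 if the kernel flagged this process for secure execution (e.g. setuid). */
int in_secure_exec(void) { return getauxval(AT_SECURE) != 0; }

/* Apply the documented secure-execution rules to one LD_PRELOAD entry. */
enum verdict classify_entry(const char *entry, const char *const *dirs)
{
    char path[4096];
    struct stat st;
    int found = 0;

    if (strchr(entry, '/'))
        return IGNORED_SLASH;          /* explicit paths are dropped */
    for (; *dirs; dirs++) {
        snprintf(path, sizeof path, "%s/%s", *dirs, entry);
        if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
            continue;                  /* not present in this directory */
        found = 1;
        if (st.st_mode & S_ISUID)
            return ELIGIBLE;           /* bare name + set-user-ID bit */
    }
    return found ? NOT_SETUID : NOT_FOUND;
}

int main(void)
{
    const char *env = getenv("LD_PRELOAD");
    char copy[4096];

    snprintf(copy, sizeof copy, "%s", env ? env : "");
    printf("this process in secure-execution mode: %s\n", in_secure_exec() ? "yes" : "no");
    /* LD_PRELOAD items may be separated by spaces or colons. */
    for (char *e = strtok(copy, " :"); e; e = strtok(NULL, " :"))
        printf("%-40s %s\n", e, verdict_text[classify_entry(e, std_dirs)]);
    return 0;
}
```

The checker itself is not setuid, so its first line normally prints "no"; the per-entry verdicts describe how the same LD_PRELOAD value would be treated for a set-user-ID program.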