Re: System call hooking in 2.6 kernel..

On Tue, Nov 11, 2008 at 11:28 PM, Vimal <j.vimal@xxxxxxxxx> wrote:
>>>>
>>>> the sysadmin sets LD_PRELOAD to /lib/libunlinkwrapper.so which
>>>> overrides the unlink() system call to add logging.
>>>>
>>>> now a nasty user wants to delete a file using unlink() (though she
>>>> could use others to change the content of the file) without being
>>>> traced by the sysadmin. to achieve this she could execute:
>>>> LD_PRELOAD= rm <important_file>
>
> Can pre-loading such object files to override system calls (I think
> it's called library interspersing or something...) be done on
> executables with setuid bit set? (example: ping/su, etc...)
>
> --
> Vimal
>

It is called library interposing. AFAIK, LD_PRELOAD is automatically
disabled for setuid binaries.

-- 
Regards,
Sandeep.

--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ

