2014-02-17 21:49 GMT+01:00 Marc Espie <es...@nerim.net>:
> On Mon, Feb 17, 2014 at 07:48:44PM +0000, Miod Vallat wrote:
>> > Attacks with LD_PRELOAD are very old and can
>> > be performed on any OS where you have dynamic linking (Linux, *BSD
>> > etc.), so yes, OpenBSD is "vulnerable" to this type of stuff.
>>
>> You forgot to mention that the value of LD_PRELOAD is ignored for set*id
>> executables, in order to prevent these kinds of games.
>>
>> Miod
>
> Last time I've seen abuse of LD_PRELOAD was with the "on" binary on
> SunOS. Of course, that predated any kind of security, as on was
> a stupid RPC program without any kind of setuid that simply "trusted"
> getuid() on the client host.
>
> That was a bit like shooting fish in the barrel, it was about the same
> time NFS earned its true name (Notreally a File System)...
>
> To put things in perspective, that was roughly 20 years ago.

At least on Linux this type of abuse seems to be still (very) effective:

http://blackhatlibrary.net/LD_PRELOAD
http://blackhatlibrary.net/Azazel

and of course PAM:

http://blackhatlibrary.net/Hooking_PAM

Daniel
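
Added example, not part of the original thread: a defender-side check for the LD_PRELOAD abuse discussed above, which reads each process's environment from Linux /proc and flags preload entries that point outside trusted library directories. The function names, the TRUSTED_DIRS policy and the sample environment are assumptions made for illustration.

```python
import os

# Assumption: directories this site treats as trusted library locations.
TRUSTED_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")

def preload_entries(environ_blob):
    """Extract LD_PRELOAD entries from a NUL-separated /proc/<pid>/environ blob."""
    for item in environ_blob.split(b"\0"):
        name, sep, value = item.partition(b"=")
        if sep and name == b"LD_PRELOAD":
            # glibc's ld.so accepts spaces or colons as list separators.
            return value.decode("utf-8", "replace").replace(":", " ").split()
    return []

def classify(entry):
    """Return a reason string if the entry deserves review, else None."""
    if "/" not in entry:
        return None  # bare name: resolved through the normal library search path
    if not os.path.isabs(entry):
        return "relative path"
    path = os.path.normpath(entry)  # collapses ../ tricks such as /usr/lib/../../tmp
    if not path.startswith(tuple(d + "/" for d in TRUSTED_DIRS)):
        return "outside trusted library directories"
    return None

def scan(proc_root="/proc"):
    """Return (pid, entry, reason) for every flagged LD_PRELOAD entry."""
    findings = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "environ"), "rb") as fh:
                blob = fh.read()
        except OSError:
            continue  # process exited, or we lack permission to read it
        for entry in preload_entries(blob):
            reason = classify(entry)
            if reason:
                findings.append((int(pid), entry, reason))
    return findings

# Constructed sample, shaped like the contents of /proc/<pid>/environ.
SAMPLE = b"PATH=/usr/bin\0LD_PRELOAD=/tmp/.x/libhook.so:libfoo.so /usr/lib/libok.so\0HOME=/root\0"

if __name__ == "__main__":
    for entry in preload_entries(SAMPLE):
        print(entry, "->", classify(entry) or "ok")
    for finding in scan():
        print(finding)
```

/proc/<pid>/environ reflects the environment as it was when the process was executed, and reading it for other users' processes requires root.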