2014-02-17 20:20 GMT+01:00 Theo de Raadt <dera...@cvs.openbsd.org>:

Theo, I think something went wrong with this topic.

Firstly, I don't know of any vulnerability that allows gaining privilege (e.g. uid 0) using LD_PRELOAD. I want that to be clearly stated. And yes, the trick shown with LD_PRELOAD was cheap and didn't give any root rights, etc. Despite this, "id" (or the user) was tricked and thought that it was root (some even tried to read /etc/master.passwd).

> The above is no different from copying the "id" binary to a new place,
> then hand-editing the binary to return 0 deep inside it, then running
> this new copy. Whoohoo! Terrible risk! Modified code lied to me!

Yes, but if you do that, the modified or hand-edited binary can be easily detected (hash sum) and analyzed. This means that it isn't the best way to hide a backdoor. Is that correct?

So I have a question. If you already have root privileges and you want to run a backdoor, and you want to make it difficult to detect (held only in memory, without modifying binary files), can you do so on OpenBSD by using LD_PRELOAD?

Best regards,
Daniel