>On 18-02-2014 14:36, Dmitrij D. Czarkoff wrote:
>> You perfectly demonstrated your ability to alter the code that will be
>> run with your privileges. Still, it is useless as the injected code
>> will be running with your privileges, so this has no practical output.
>> Either you are able to demonstrate the way you raise your privileges
>> using this method or you failed to make your point.
>Dmitri,
>
>    We are not discussing privilege escalation. We assume that for
>installing a rootkit, one has root access on the machine. Hence the root
>in rootkit. What we are discussing is if it is possible, using
>LD_PRELOAD, to inject code on the execution of any given programs, and
>to be able to hide the fact that the machine has a rootkit installed
>using this method.

This is total baloney. The way you are using the word rootkit, it could now refer to anything from a gardening shovel or anything else. Very very sloppy. In the Unix context, the word rootkit has a very specific meaning. You're using the word wrong. LD_PRELOAD provides NO BENEFIT here, because a person who has already gained the privs will use another method to retain them, because LD_PRELOAD is a visible and useless dead end!