On Mon, Feb 17, 2014 at 07:48:44PM +0000, Miod Vallat wrote:
> > Attacks with LD_PRELOAD are very old and can
> > be performed on any OS where you have dynamic linking (Linux, *BSD
> > etc.), so yes, OpenBSD is "vulnerable" to this type of stuff.
>
> You forgot to mention that the value of LD_PRELOAD is ignored for set*id
> executables, in order to prevent these kinds of games.
>
> Miod

Last time I saw abuse of LD_PRELOAD was with the "on" binary on SunOS. Of course, that predated any kind of security, as "on" was a stupid RPC program without any kind of setuid that simply "trusted" getuid() on the client host. That was a bit like shooting fish in a barrel; it was about the same time NFS earned its true name (Not really a File System)... To put things in perspective, that was roughly 20 years ago.

