Daniel Cegiełka said:
> Yes, it is not possible to pledge a trap for a user using LD_PRELOAD.
> hmm... definitely I'm wrong!
>
> but I have another example:
>
>
> --- cat fake.c ---
>
> #define print(s) write(1, (s), sizeof(s) - 1)
>
> int getuid() {
>     return 32767;
> }
>
> int geteuid() {
>     print("hello from fake geteuid()!\n");
>     print("you're ");
>     return 32767;
> }
>
> --- end cat ---
>
> # shell (as normal user):
>
> cc -shared fake.c -o fake
> LD_PRELOAD=./fake ksh
>
> and type: whoami
>
> As you can see, it is not possible to inject any code in "whoami".
> So we can sleep well. It doesn't work on OpenBSD ;]
You perfectly demonstrated your ability to alter the code that will be
run with your privileges. Still, it is useless as the injected code will
be running with your privileges, so this has no practical output. Either
you are able to demonstrate the way you raise your privileges using this
method or you failed to make your point.
--
Dmitrij D. Czarkoff
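
Added example, not part of either message above: a small check showing why the preloaded getuid()/geteuid() change only what the process is told, not the credentials the kernel enforces. It assumes Linux with glibc (syscall(), SYS_getuid and getauxval(AT_SECURE) are Linux interfaces, not OpenBSD ones); the function names are made up for this illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* UIDs as the kernel reports them, bypassing the libc wrappers that a
 * preloaded library such as the fake.c above can replace.
 * Caveat: a preload library could interpose syscall() as well, so this
 * is a consistency check, not a tamper-proof measurement. */
static uid_t kernel_uid(void)  { return (uid_t)syscall(SYS_getuid); }
static uid_t kernel_euid(void) { return (uid_t)syscall(SYS_geteuid); }

/* 1 if the getuid()/geteuid() symbols this process resolved disagree
 * with the kernel, i.e. something interposed them. */
static int uid_wrappers_interposed(void)
{
    return getuid() != kernel_uid() || geteuid() != kernel_euid();
}

/* 1 if the kernel marked this exec as secure (set-user-ID, set-group-ID
 * or file capabilities). In that mode the dynamic linker does not honour
 * an arbitrary LD_PRELOAD path, which is why the trick cannot follow a
 * user into a privileged binary. */
static int secure_exec(void) { return getauxval(AT_SECURE) != 0; }

/* 1 if the environment asks the dynamic linker to preload something. */
static int preload_requested(void)
{
    const char *p = getenv("LD_PRELOAD");
    return p != NULL && *p != '\0';
}

int main(void)
{
    printf("libc   uid=%u euid=%u\n", (unsigned)getuid(), (unsigned)geteuid());
    printf("kernel uid=%u euid=%u\n", (unsigned)kernel_uid(), (unsigned)kernel_euid());
    printf("LD_PRELOAD set: %d, secure exec: %d, wrappers interposed: %d\n",
           preload_requested(), secure_exec(), uid_wrappers_interposed());
    return 0;
}
```

Run with and without a preloaded library: the libc line changes, the kernel line does not, and file access checks follow the kernel line.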