UNIX Privilege Escalation Without Exploitation
Details of the LD_PRELOAD Attack
  • Exploit an application running in the security context from the previous step, for example Mozilla Firefox.
  • Upload a shared object containing a trojaned copy of execve(2).
  • Overwrite ~/.profile (or similar) with

    export LD_PRELOAD=$PATH_TO_TROJAN_LIBRARY

  • Any newly spawned shell will load the trojan, and as before,

    su -c "cat /var/log/messages"

    becomes

    su -c "bad-code-here; cat /var/log/messages"
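A defender's check for the persistence step above (an `export LD_PRELOAD=` line written into a shell startup file), added here as an example; it is not code from the original slides. The list of startup file names and the sample `.profile` contents are constructed for the example.

```python
import re
from pathlib import Path

# Shell startup files that a user (or code running as that user) can edit;
# the slide names ~/.profile, the others are equivalent hooks (assumed list).
STARTUP_FILES = (".profile", ".bash_profile", ".bash_login",
                 ".bashrc", ".zprofile", ".zshrc")

# "export LD_PRELOAD=/path", "LD_PRELOAD=/path" or a bare "export LD_PRELOAD".
# Anchored at line start so commented-out lines do not match; the lookahead
# keeps LD_PRELOAD_DEBUG and similar names from matching.
_PRELOAD_RE = re.compile(
    r"^\s*(?:export\s+)?LD_PRELOAD(?=[\s=]|$)(?:=(?P<value>\S*))?")


def find_preload_settings(text):
    """Return (line_number, value) for each line that sets or exports LD_PRELOAD.

    value is the assigned path with surrounding quotes removed, or '' for a
    bare 'export LD_PRELOAD' whose assignment happens on another line.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _PRELOAD_RE.match(line)
        if m:
            hits.append((lineno, (m.group("value") or "").strip("'\"")))
    return hits


def scan_home(home):
    """Map each existing startup file under `home` to its LD_PRELOAD hits."""
    findings = {}
    for name in STARTUP_FILES:
        path = Path(home) / name
        if path.is_file():
            hits = find_preload_settings(path.read_text(errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings


# Constructed sample of a tampered ~/.profile (the library path is made up).
SAMPLE_PROFILE = """\
# ~/.profile: executed by login shells
umask 022
export PATH="$HOME/bin:$PATH"
export LD_PRELOAD=/home/alice/.cache/libhook.so
"""

if __name__ == "__main__":
    print(find_preload_settings(SAMPLE_PROFILE))
    print(scan_home(Path.home()))
```

Any LD_PRELOAD assignment in a per-user startup file is worth an alert; legitimate system-wide preloads belong in /etc/ld.so.preload, which this check deliberately leaves alone.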