带有setuid二进制文件的LD_PRELOAD [英] LD_PRELOAD with setuid binary

问题描述

我正在尝试使用LD_PRELOAD将具有setuid权限的应用程序预加载到库中.首先尝试了LD_PRELOAD，似乎它被setuid二进制文件忽略了，尽管当我与ls，dir等之类的尝试时，它可以工作.

I am trying to use LD_PRELOAD to preload a library with an application that has setuid permissions. Tried LD_PRELOAD at first, and it seemed like it was being ignored with the setuid binary, though it was working when I tried it with others like ls, dir etc.

摘自LD_PRELOAD的文档:

From the documentation of LD_PRELOAD:

   LD_PRELOAD
          A whitespace-separated list of additional, user-specified, ELF shared
          libraries to be loaded before all others.  This can be used to
          selectively override functions in other shared libraries.  For set-
          user-ID/set-group-ID ELF binaries, only libraries in the standard
          search directories that are also set-user-ID will be loaded.

我试图按照上面的文档将具有setuid权限的库放入/usr/lib，/usr/local/lib和/usr/lib64，但是它似乎仍然无法正常工作.如果我在带有setuid的标准目录中没有库的情况下不给LD_PRELOAD路径，则似乎找不到该库.如果我给它提供路径，它什么也不会做.

I tried to put the library in /usr/lib, /usr/local/lib, and /usr/lib64 with setuid permissions as per this documentation above, but it still doesnt seem to work. If I dont give LD_PRELOAD a path in the case where I have the library in the standard dirs with setuid, it cannot seem to find the library. If I give it the path, it does not do anything.

setuid二进制文件是在非root用户外壳程序中运行的root权限二进制文件.有什么想法吗?不知道我是缺少路径，环境变量还是误解了上面的文档.

The setuid binary is a root permissions binary that runs in a non root user shell. Any thoughts? Not sure if I am missing a path, an environment variable, or I am misunderstanding the documentation above.

编辑:请求的权限为:

图书馆:

-rwsr-sr-x 1 root root 72580 2012-02-10 07:51

应用程序:

-rwsr-xr-x 1 root root 137517601 2012-02-10 

env | grep LD
LD_LIBRARY_PATH=/usr/lib (I added this manually myself, usually LD_LIBRARY_PATH is empty)

推荐答案

LD_PRELOAD不能与setuid一起使用.这是linux中的一项安全功能. 作为参考，请参见这篇文章malloc的示例中，详细介绍了如何使用LD_PRELOAD用自定义代码替换某些库调用.

LD_PRELOAD cannot be used with setuid. This is a security feature in linux. For reference check this article, which goes into the detail on how to use LD_PRELOAD to substitute some library calls with custom code, at the example of malloc.

这篇关于带有setuid二进制文件的LD_PRELOAD的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！