I have a security problem about LD_PRELOAD and /etc/ld.so.preload.
Recently I see the bug of CVE-2015-1328 in Ubuntu series (http://cxsecurity.com/issue/WLB-2015060081), the attack method is using the bug of overlayfs to create ld.so.preload in the /etc. He writes his getuid function to overlap the original function, then he can bypass su authentication. But if I use the LD_PRELOAD on Ubuntu, the result shows me ,"LD_PRELOAD is ignored". When I create the /etc/ld.so.preload by myself, and using the getuid function of the author in Debian Jessie, the result shows me , "/etc/ld.so.preload is ignored". I want to know the security policy about LD_PRELOAD and /etc/ld.so.preload in Debian. Thanks. - mudongliang |