[英]How to set LD_PRELOAD in systemd
I want to hook some functions in libssl with LD_PRELOAD
in systemd.我想用 systemd 中的
LD_PRELOAD
挂钩 libssl 中的一些函数。
In systemd file I put在我放的systemd文件中
ExecStart=/etc/myscript.sh
and in /etc/myscript.sh I put在 /etc/myscript.sh 我把
#!/bin/sh
LD_PRELOAD=/lib/inject_libssl.so /bin/run
When I look at /proc/RUN_PID/maps
I can see that inject_libssl.so is realy injected to the process but the original libssl.so is loaded before the the injected library, so my hook doesn't work.当我查看
/proc/RUN_PID/maps
时,我可以看到 inject_libssl.so 确实注入了进程,但原始 libssl.so 在注入库之前加载,所以我的钩子不起作用。
I olso tried我也试过
ExecStart=/bin/run
Environment="LD_PRELOAD=/lib/inject_libssl.so"
But I got the same results.但我得到了相同的结果。
If I run LD_PRELOAD=/lib/inject_libssl.so curl https://google.com
the injected libssl works well.如果我运行
LD_PRELOAD=/lib/inject_libssl.so curl https://google.com
注入的 libssl 运行良好。
Why is that please?请问这是为什么?
Can you try this script to see which one will be loaded?你能试试这个脚本看看会加载哪个吗?
#!/usr/bin/env bash
cp /lib/x86_64-linux-gnu/libssl.so /tmp/inject_libssl.so
LD_PRELOAD=/tmp/inject_libssl.so /bin/run
Can you also try to put your.so in /usr/lib/x86_64-linux-gnu
?您也可以尝试将 your.so 放入
/usr/lib/x86_64-linux-gnu
吗?
The reason is probably that systemd
runs your script / binary in set-user-ID mode.原因可能是
systemd
在 set-user-ID 模式下运行您的脚本/二进制文件。 According to the dynamic linker documentation , LD_PRELOAD
support is limited then:根据动态 linker 文档,
LD_PRELOAD
支持是有限的:
For set-user-ID/set-group-ID ELF binaries, preload pathnames containing slashes are ignored, and libraries in the standard search directories are loaded only if the set-user-ID permission bit is enabled on the library file.
对于 set-user-ID/set-group-ID ELF 二进制文件,包含斜杠的预加载路径名将被忽略,并且只有在库文件上启用了 set-user-ID 权限位时才会加载标准搜索目录中的库。
So you need to copy your library to the proper place and provide the permission accordingly.所以你需要将你的库复制到正确的地方并提供相应的权限。 You might be able to work around this with a specific
User=
setting or by using a wrapper.您可以使用特定的
User=
设置或使用包装器来解决此问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.