
overriding getuid with LD_PRELOAD not working directly, but works in gdb

I was solving a challenge from the Nebula exploit exercises (https://exploit-exercises.lains.space/nebula/level13/). Since the compiled binary is dynamically linked, I thought of writing my custom getuid() to return 1000 and setting LD_PRELOAD=custom_getuid. This does not seem to work when I directly execute the binary, but I'm able to bypass the check by executing it in gdb, ltrace, or strace. gdb is able to load my custom getuid. Can anyone explain this behaviour, please? Thanks!

Find the output of the two approaches here.

I found the issue: LD_PRELOAD does not affect suid binaries. So my binary has suid set to flag13 user.
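The check behind this behaviour, as an added example that is not part of the original post: on Linux the kernel sets the `AT_SECURE` auxiliary-vector entry when a set-user-ID or set-group-ID program is executed, and the glibc loader then runs in secure-execution mode, where a user-supplied `LD_PRELOAD` path is not loaded. A setuid binary started under a tracer such as gdb, ltrace or strace is executed without the privilege change, so `AT_SECURE` is 0 and the preload applies. The struct and function names are assumptions of this example, and it assumes Linux with glibc.

```c
/* Added example: report whether this process is in the dynamic loader's
 * secure-execution mode. Assumes Linux with glibc (getauxval). */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/auxv.h>
#include <sys/types.h>

struct exec_ids {
    uid_t ruid, euid;          /* real and effective user ID */
    gid_t rgid, egid;          /* real and effective group ID */
    unsigned long at_secure;   /* AT_SECURE value the kernel set at exec time */
};

/* Snapshot the identifiers that decide how the loader treats LD_PRELOAD. */
struct exec_ids read_exec_ids(void) {
    struct exec_ids ids = { getuid(), geteuid(), getgid(), getegid(),
                            getauxval(AT_SECURE) };
    return ids;
}

/* Nonzero when real and effective IDs differ: the setuid/setgid case. */
int ids_differ(const struct exec_ids *ids) {
    return ids->ruid != ids->euid || ids->rgid != ids->egid;
}

/* 1 when the loader is NOT in secure-execution mode, so LD_PRELOAD is
 * applied as given; 0 when a user-supplied preload path is ignored. */
int preload_unrestricted(const struct exec_ids *ids) {
    return ids->at_secure == 0;
}

int main(void) {
    struct exec_ids ids = read_exec_ids();
    const char *preload = getenv("LD_PRELOAD");

    printf("ruid=%ld euid=%ld rgid=%ld egid=%ld\n",
           (long)ids.ruid, (long)ids.euid, (long)ids.rgid, (long)ids.egid);
    printf("IDs differ: %s\n", ids_differ(&ids) ? "yes" : "no");
    printf("AT_SECURE=%lu\n", ids.at_secure);
    printf("LD_PRELOAD=%s\n", preload ? preload : "(not set)");
    printf("LD_PRELOAD applied as given: %s\n",
           preload_unrestricted(&ids) ? "yes" : "no (secure-execution mode)");
    return 0;
}
```

Built as an ordinary binary it reports `AT_SECURE=0`; installed set-user-ID to another account and run directly, it reports differing IDs and `AT_SECURE=1`.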
