undefined | Better HN

0 pointscodesections6y ago0 comments

The former. One of the examples given in the linked explanation (https://jvns.ca/blog/2014/11/27/ld-preload-is-super-fun-and-...) used LD_PRELOAD to modify random number generation — and it's easy to imagine other exploits.

I suppose many/all would require the user's environment to be so throughly compromised that security might be a lost cause. But it still makes me wonder if there's a defense-in-depth argument in favor of static linking.

0 comments

1 comments · 1 top-level

teddyh6y ago

A running program has no security boundary against the user the program is running as. This is not an “exploit”, this is as designed. A program is started by the user and running on behalf on the user – it should be 100% under the user’s control.

If the program has additional privileges which should be withheld from the user, like original Unix setuid or setgid, or modern style Linux capabilities(7), then LD_PRELOAD is ignored by ld.so(8), and there is no problem.

But if you are talking about a normal user’s environment being “compromised”, or the users’ wishes being a problem, then you have no business writing software for users, or, rather, users would be better off not running software written by you, since your software is obviously not written with their best interest in mind.

j / k navigate · click thread line to collapse