privesc: LD_PRELOAD is not a problem, only part of the symptoms. Not clearing the environment in a setuid binary is the actual issue.
And in the examples in the blog post, there is no privilege boundary at all; you could just as well modify the original program.
(Also, the "Sandbox unsafe applications" part of that post is nonsense; an application can just call syscalls directly.)
And "no libraries will be preloaded this way if ruid != euid" is also wrong; glibc does load setuid libraries from some folders.
The "Manually access application's own memory" part is also nonsense: you don't need root privileges to inspect process memory.
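As an added illustration of the thread's main point (this is example code written for this page, not code from the blog post under discussion or from the thread's author): a setuid wrapper should not pass the caller's environment through to anything it executes. It should build a fresh one from a short allowlist and a fixed PATH, so LD_PRELOAD, LD_LIBRARY_PATH and every other loader variable disappear by omission rather than by a blocklist that can miss one. The allowlist (`TERM`, `LANG`, `LC_ALL`), the fixed `PATH` value and `/bin/true` as the wrapped program are assumptions for the example. The `AT_SECURE` print in `main` shows the flag glibc's loader consults to decide whether to honour LD_PRELOAD at all; even in that mode the loader still preloads setuid libraries from the standard search directories, which is why the program should clean the environment itself instead of relying on the loader.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>

extern char **environ;

/* Variables a setuid program may pass through unchanged. This allowlist is an
 * assumption for the example; choose yours deliberately and keep it short. */
static const char *const keep_vars[] = { "TERM", "LANG", "LC_ALL", NULL };

/* True if `entry` (a "NAME=value" string) has exactly the given NAME. */
static int name_matches(const char *entry, const char *name) {
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Build a fresh environment from envp: a fixed PATH plus only allowlisted
 * variables, copied into a NULL-terminated malloc'd array (release it with
 * free_env). Anything not on the allowlist, every LD_* variable included,
 * is dropped simply because it is never copied. Returns NULL on allocation failure. */
char **sanitize_env(char *const envp[]) {
    size_t cap = 0, n = 0;
    for (char *const *e = envp; e && *e; ++e) cap++;
    char **out = calloc(cap + 2, sizeof *out);   /* + fixed PATH + NULL terminator */
    if (!out) return NULL;
    out[n++] = strdup("PATH=/usr/bin:/bin");     /* assumed safe PATH for the example */
    for (char *const *e = envp; e && *e; ++e)
        for (const char *const *k = keep_vars; *k; ++k)
            if (name_matches(*e, *k)) { out[n++] = strdup(*e); break; }
    out[n] = NULL;
    return out;
}

void free_env(char **env) {
    if (!env) return;
    for (char **e = env; *e; ++e) free(*e);
    free(env);
}

/* Value of NAME in env, or NULL if the variable is absent. */
const char *env_get(char *const env[], const char *name) {
    for (char *const *e = env; e && *e; ++e)
        if (name_matches(*e, name)) return *e + strlen(name) + 1;
    return NULL;
}

/* Number of entries in a NULL-terminated environment array. */
size_t env_count(char *const env[]) {
    size_t n = 0;
    for (char *const *e = env; e && *e; ++e) n++;
    return n;
}

int main(void) {
    /* The kernel sets AT_SECURE when euid != uid, egid != gid, or file
     * capabilities were applied; glibc's loader then ignores LD_LIBRARY_PATH and
     * most of LD_PRELOAD, but still preloads setuid libraries found in the
     * standard search directories. Do not rely on it: clean the environment here. */
    printf("AT_SECURE=%lu\n", getauxval(AT_SECURE));

    char **clean = sanitize_env(environ);
    if (!clean) return 1;
    printf("LD_PRELOAD in caller env: %s\n", env_get(environ, "LD_PRELOAD") ? "yes" : "no");
    printf("LD_PRELOAD in clean env:  %s\n", env_get(clean, "LD_PRELOAD") ? "yes" : "no");

    /* A real wrapper would first drop the privileges it does not need, then
     * exec the target with the clean environment. /bin/true stands in for the
     * wrapped program here (an assumption for the example). */
    char *const argv[] = { "true", NULL };
    execve("/bin/true", argv, clean);
    perror("execve");          /* only reached if execve failed */
    free_env(clean);
    return 1;
}
```

Run it as `LD_PRELOAD=/tmp/x.so ./wrapper` to see the variable present in the caller's environment and absent from the one handed to `execve`. Note that the allowlist approach also keeps the wrapped program from seeing other things a caller controls, such as a `PATH` pointing into `/tmp`, which is why `PATH` is replaced rather than copied.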