privesc LD_PRELOAD is not a problem, only part of symptoms. not clearing environment in a setuid binary is the actual issue
(also, the "Sandbox unsafe applications" part of that post is nonsense, an application can just call syscalls directly)
-
-
and "no libraries will be preloaded this way if ruid != euid" is also wrong, glibc does load setuid libraries from some folders
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.