Why in LD_PRELOAD exploit we call unsetenv(LD_PRELOAD)?

All we need is an easy explanation of the problem, so here it is.

Why, to exploit LD_PRELOAD as shown here https://touhidshaikh.com/blog/?p=827, is the first instruction in the .c file unsetenv(LD_PRELOAD)? Is it a routine action that all shared libraries do? Or what? I’ve tried to run the exploit without unsetenv and the terminal was “hanging”, not receiving ^C, ^Z or ^D.

How to solve:


Method 1

Environment variables such as LD_PRELOAD are inherited by child processes. The linked example overrides the _init symbol to invoke a shell using system("/bin/bash"). If the environment variable had not been cleared, it would effectively be stuck in an “infinite loop” when invoking system.

If you watch your process list (using ps aux for example), you will see a bunch of shell processes. The system library function creates a new process and executes /bin/sh -c "....". Every time, _init is executed.
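The inheritance the answer describes can be observed directly without building a preload library. The following is an added example, not code from the question, the answer, or the linked blog post: it sets LD_PRELOAD to a harmless value (libc.so.6, which every glibc process already has mapped, so preloading it changes nothing), then asks a child shell, spawned through system() exactly as the linked library does, whether it still sees the variable, once without and once with the unsetenv() call. The function names and the choice of libc.so.6 are this example's own assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/* Constructed, harmless LD_PRELOAD value (assumption of this example):
 * libc.so.6 is already loaded in every glibc process, so preloading it
 * again is a no-op; on other libcs the loader just reports the name as
 * not found and continues. */
#define DEMO_PRELOAD "libc.so.6"

/* Ask a child shell, created the same way system("/bin/bash") creates one
 * (/bin/sh -c "..."), whether it inherited LD_PRELOAD.
 * Returns 1 if the child sees it, 0 if not, -1 if the child could not run. */
int child_inherits_ld_preload(void) {
    int status = system("test -n \"$LD_PRELOAD\"");
    if (status == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

/* What the linked library's _init would do WITHOUT the unsetenv() line:
 * LD_PRELOAD is still set when the child is created, so the dynamic loader
 * would inject the same library into /bin/sh, run _init again, and so on. */
int spawn_keeping_ld_preload(void) {
    setenv("LD_PRELOAD", DEMO_PRELOAD, 1);
    return child_inherits_ld_preload();
}

/* The same sequence WITH the unsetenv() line: the child is created after the
 * variable is gone, so the loader has nothing to preload and the chain stops. */
int spawn_after_unsetenv(void) {
    setenv("LD_PRELOAD", DEMO_PRELOAD, 1);
    unsetenv("LD_PRELOAD");
    return child_inherits_ld_preload();
}

int main(void) {
    printf("without unsetenv: child sees LD_PRELOAD = %d\n", spawn_keeping_ld_preload());
    printf("with    unsetenv: child sees LD_PRELOAD = %d\n", spawn_after_unsetenv());
    return 0;
}
```

Compile with `cc demo.c -o demo && ./demo`; the first line reports 1 and the second 0. In the real scenario the inherited value is not libc.so.6 but the injected library itself, which is why every shell that system() starts runs _init once more and the process list fills up with shells.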

