I have a security problem about LD_PRELOAD and /etc/ld.so.preload.
Recently I saw the CVE-2015-1328 bug in the Ubuntu series
(http://cxsecurity.com/issue/WLB-2015060081).
The attack method uses the overlayfs bug to create ld.so.preload in
/etc.
He writes his own getuid function to override the original function; then he can
bypass su authentication.
But if I use LD_PRELOAD on Ubuntu, the result shows me "LD_PRELOAD is
ignored".
When I create /etc/ld.so.preload myself and use the author's getuid function
in Debian Jessie,
the result shows me "/etc/ld.so.preload is ignored".
I want to know the security policy about LD_PRELOAD and /etc/ld.so.preload in
Debian.
Thanks.
- mudongliang