A summary of my undying love for LD_PRELOAD.
HN Discussion: https://news.ycombinator.com/item?id=19187417
Posted by ingve (karma: 97627)
Post stats: Points: 119 - Comments: 45 - 2019-02-17T22:54:48Z
Sunday, February 17, 2019
I’m a huge, HUGE, fan of LD_PRELOAD let me tell you… oh wait it’s my blog so I’m going to. Where do I begin…
About three years ago, I wrote a blog post about the 10 LDFLAGS I love. After writing the post, I realized I should have made the number odd because I think that is part of BuzzFeed’s “click algorithm.” But more seriously, I realized just how many people on the internet you can upset when you don’t include LD_PRELOAD in your favorite LDFLAGS post. I am going to take the time right now to make one thing very clear, VERY CLEAR, listen closely: LD_PRELOAD IS NOT A FLAG. It is an environment variable. Wake up sheeple! Phew!
Now that’s out of the way, we can continue… I love LD_PRELOAD. I love it so much I am devoting this entire blog post to professing my undying love for it. So here we go…
For those who don’t know what LD_PRELOAD is: TODAY IS YOUR LUCKY DAY! LD_PRELOAD allows you to override symbols in any library by specifying your new function in a shared object.
When you run LD_PRELOAD=/path/to/my/free.so /bin/mybinary, /path/to/my/free.so is loaded before any other library, including libc. When mybinary is executed, it uses your custom function for free. PRETTY FREAKING AWESOME RIGHT!
FEEL THE POWER! Okay, so moving on…
Fun Times on the Internet
One night, I’m just hanging around in my apartment, lying on my couch, and I think “oh I’m going to ask the Internet what they’ve done with LD_PRELOAD.” This is how most of my tweets start for what it’s worth. So I asked…
yo internet nerds, tell me all the ways you've done dirty things with LD_PRELOAD…. I need them…. for… science…
— jessie frazelle 👩🏼🚀 (@jessfraz) January 21, 2019
This tweet blew up in THE BEST WAY! I got some really cool responses I will highlight below.
Not mine but my favorite: https://t.co/zljcn70pmh
— ダデイさま (@leifwalsh) January 21, 2019
$ FORCE_PID=42 LD_PRELOAD=./getpid.so bash -c 'echo $$'
42
For forcing specific bad ssh key generation when the RNG was busted…
— 𝙺𝚎𝚎𝚜 𝙲𝚘𝚘𝚔 (@kees_cook) February 10, 2019
i didn't use this but dropbox recently stopped working on non-ext4 filesystems and there's this LD_PRELOAD hack to make it work anyway https://t.co/DqRL12FNMk
— 🔎Julia Evans🔍 (@b0rk) January 21, 2019
Intercept readline calls to add undo to any interpreter that uses readline https://t.co/M44lDMaeFy https://t.co/aoeldkK4X6 pic.twitter.com/w84O715eQG
— Thomas Ballinger (@ballingt) January 21, 2019
We actually mention this in an academic paper! https://t.co/qg5ac6vXx7 We used LD_PRELOAD to interpose on the OnStar software modem audio interface.
— Karl (@supersat) January 21, 2019
I wrote a silly hack that let you mount an app’s objc runtime as a filesystem so you could easily browse the class hierarchy. It could be inserted via dyld. Here is a screenshot of the Finder browsing the runtime. https://t.co/zyYxSsGaoS
— Bill Bumgarner (@bbum) January 22, 2019
enabling rapid-fire railguns in quake3 rocket arena by hooking gettimeofday() via LD_PRELOAD, enable/disable by hooking strstr() and using console commands
— HD Moore (@hdmoore) January 21, 2019
I made a thing to disable SSL certificate verification in a bunch of popular applications/libraries 😈 https://t.co/jMWQtbl0Kb
— Dаvіd Вucһаnаn (@David3141593) January 21, 2019
This isn’t all of them but isn’t the internet utterly awesome! You can poke through the thread more and find ones you love as well. But let’s move on to some mad science…
No, not the Incubus album… but my science experiment that I did with LD_PRELOAD. My friend, @grepory, and I came up with this absolutely insane idea for “kernelless”. Yeah, it’s a joke making fun of all the other “-less”s. But ours was special, m’kay. He even made a dope website for it, kernelless.cloud.
So the way we were going to implement this in a mad science way would be as “Cloud Native Syscalls.” Let me tell you about the “Cloud Native Syscalls”…
Cloud Native Syscalls
The first part of the “Cloud Native Syscalls” architecture consists of a daemon on a cloud VM which has a network endpoint accepting incoming syscalls and their arguments. The daemon then performs these syscalls, almost in a code execution as a service type way.
To use “Cloud Native Syscalls”, you run your binary with the library preloaded as follows: LD_PRELOAD=/path/to/my/cloudnativesyscalls.so /bin/ls. This ensures that all your syscalls when you run ls on your host are actually sent to the daemon described above and performed in the cloud.
F’king nuts right… I know. We are working on our A-round don’t worry. It’s truly revolutionary.
Anyways, that was our little science experiment. Hope you liked it, or at least enjoyed all the other people’s fun hacks. :) Keep LD_PRELOADing.
© Jessie Frazelle 2019 @jessfraz