LD_PRELOAD
First, let's look at the manual's description of this environment variable:
LD_PRELOAD
A list of additional, user-specified, ELF shared objects to be
loaded before all others. The items of the list can be separated
by spaces or colons. This can be used to selectively
override functions in other shared objects. The objects are
searched for using the rules given under DESCRIPTION.

In secure-execution mode, preload pathnames containing slashes
are ignored. Furthermore, shared objects are preloaded only
from the standard search directories and only if they have
set-user-ID mode bit enabled (which is not typical).

Within the names specified in the LD_PRELOAD list, the dynamic
linker understands the tokens $ORIGIN, $LIB, and $PLATFORM (or
the versions using curly braces around the names) as described
above in Rpath token expansion. (See also the discussion of
quoting under the description of LD_LIBRARY_PATH.)
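LD_PRELOAD is an environment variable that gives the location searched for required symbols when shared libraries are loaded, and it has the highest priority of all the search locations.
In other words, when our code needs a function from a shared library, the system normally looks under LD_LIBRARY_PATH. If LD_PRELOAD is set, the system looks there first, and if the symbol is found it is returned and the search stops.
The load order for shared libraries is:
LD_PRELOAD > LD_LIBRARY_PATH > /etc/ld.so.cache > /lib > /usr/lib
Once this is understood, we can write a function with the same name as a standard system function, build it into a shared library, and put it in the LD_PRELOAD environment variable. The symbol then ends up bound to the function you wrote instead of the expected standard function, which means you have altered the system's behavior.
Problem description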
ERROR: ld.so: object '/lib/libSegFault.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
Solution
root@ubuntu:~# ln -s /lib/x86_64-linux-gnu/libSegFault.so /lib/libSegFault.so
root@ubuntu:~# ls /lib/libSegFault.so
/lib/libSegFault.so
Running the build again no longer shows the error.
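A way to audit an LD_PRELOAD value before the loader complains, as an added example that is not part of the original page: it splits the value on spaces or colons as the manual describes and reports entries that would trigger the "cannot be preloaded" error above. The function name `audit_preload` and the status words are assumptions made for this example; bare names and token entries are only reported, not resolved.

```shell
#!/bin/sh
# audit_preload VALUE  (hypothetical helper, not part of ld.so or glibc)
# Prints one line per LD_PRELOAD entry as "<status> <entry>":
#   ok       path exists and starts with the ELF magic bytes
#   missing  path does not exist; ld.so reports "cannot be preloaded ... ignored"
#   not-elf  path exists but is not an ELF object
#   token    uses $ORIGIN/$LIB/$PLATFORM, which ld.so expands at load time
#   bare     no slash; ld.so searches the library directories for the name
# The body runs in a subshell so the IFS and globbing changes do not leak out.
audit_preload() (
    IFS=' :'    # the manual allows spaces or colons as separators
    set -f      # do not glob-expand entries while splitting
    for entry in $1; do
        case $entry in
            '')
                continue ;;   # empty field, e.g. from "a::b"
            *'$ORIGIN'*|*'${ORIGIN}'*|*'$LIB'*|*'${LIB}'*|*'$PLATFORM'*|*'${PLATFORM}'*)
                echo "token $entry" ;;
            */*)
                # In secure-execution mode, entries with slashes are ignored.
                if [ ! -e "$entry" ]; then
                    echo "missing $entry"
                elif [ "$(od -An -c -N 4 "$entry" 2>/dev/null | tr -d ' \n')" = '177ELF' ]; then
                    echo "ok $entry"
                else
                    echo "not-elf $entry"
                fi ;;
            *)
                echo "bare $entry" ;;
        esac
    done
)

# Check the current environment; fall back to the path from the error message
# on this page when LD_PRELOAD is unset.
audit_preload "${LD_PRELOAD:-/lib/libSegFault.so}"
```

A `missing` line for an entry means either the variable should be corrected or, as on this page, the expected path needs to point at the real library.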