LD_PRELOAD attack

Discussion in 'General' started by bobykus, Jul 21, 2014.

  1. bobykus

    bobykus Member

    Very nice stuff is published here:

    https://www.virusbtn.com/virusbulletin/archive/2014/07/vb201407-Mayhem

    Basically, it means the attacker can upload any source code to your web site and execute it using LD_PRELOAD when a normal exec call is made. This means you can see, e.g., the host command running, but instead of host you are joining the botnet.
    As we run PHP from the suexec daemon, do you know if there is any way to disable LD_PRELOAD at all?
  2. mistwang

    mistwang LiteSpeed Staff

    Not much can be done in user land; maybe a patched kernel can help.
    If you want to make it a little more difficult for the hacker to exploit it, disable exec() in PHP.
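
Added example, not part of the thread and not LiteSpeed code: a detection-side check that lists running processes whose environment carries LD_PRELOAD, which is how the preloaded "host" process described above would show up. The function names and the optional root-directory argument are this example's own.

```shell
#!/bin/sh
# Added example: list processes that were started with LD_PRELOAD set.
# Reading other users' /proc/<pid>/environ requires root.

# preload_of FILE: print the LD_PRELOAD value found in a NUL-separated
# environ file (the /proc/<pid>/environ format). Returns non-zero when the
# variable is absent or empty. A value of another variable that contains
# an embedded newline followed by "LD_PRELOAD=" would also match, so
# treat hits as leads to review.
preload_of() {
    [ -r "$1" ] || return 1
    { tr '\0' '\n' < "$1"; } 2>/dev/null | sed -n 's/^LD_PRELOAD=//p' | grep .
}

# scan_proc [ROOT]: check ROOT/<pid>/environ for every numeric directory
# (ROOT defaults to /proc) and print "pid<TAB>exe<TAB>value" per hit.
scan_proc() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/environ; do
        val=$(preload_of "$f") || continue
        dir=${f%/environ}
        exe=$(readlink "$dir/exe" 2>/dev/null) || exe='?'
        printf '%s\t%s\t%s\n' "${dir##*/}" "$exe" "$val"
    done
}

scan_proc "$@"
```

/proc/<pid>/environ holds the environment the process was started with, so a hit means the variable was set before the binary was executed.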
