
ForensicITGuy/libpreloadvaccine


libpreloadvaccine

Description

libpreloadvaccine is a project to attempt whitelisting of shared objects loaded via LD_PRELOAD.

This library implements portions of the rtld-audit API to intercept searches for shared objects at runtime. If the searched-for library is part of a preload list and not part of the whitelist, it gets ignored by the dynamic linker at runtime.

To use the library, simply set the LD_AUDIT environment variable to the path of libpreloadvaccine.so and enjoy.

To whitelist preloads, add them to /etc/libpreloadvaccine.allow.
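
A minimal sketch of the la_objsearch filtering described above, added here as an example; it is not the project's own code. It assumes the preload list comes only from the LD_PRELOAD environment variable and that the allow file holds one path per line; `vaccine_filter`, `in_list` and `read_allow_file` are hypothetical names.

```c
/* Build: cc -shared -fPIC -o audit_example.so audit_example.c
 * Run:   LD_AUDIT=./audit_example.so <program>   (hooks per rtld-audit(7)) */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ALLOW_FILE "/etc/libpreloadvaccine.allow" /* path named in the README */

/* 1 if `name` is exactly one entry of `list`, split on any char in `seps`. */
static int in_list(const char *name, const char *list, const char *seps)
{
    size_t n = strlen(name);
    while (list && *list) {
        size_t len = strcspn(list, seps);
        if (len && len == n && memcmp(list, name, n) == 0)
            return 1;
        list += len + strspn(list + len, seps);
    }
    return 0;
}

/* Policy (hypothetical helper): preloaded but not allowed => NULL (ignore). */
const char *vaccine_filter(const char *name, const char *preloads,
                           const char *allowed)
{
    return (in_list(name, preloads, ": ") && !in_list(name, allowed, "\n")) ? NULL : name;
}

/* Assumption: the allow file is one path per line and fits in 4 KiB. */
static const char *read_allow_file(void)
{
    static char buf[4096];
    FILE *f = fopen(ALLOW_FILE, "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    return buf;
}

/* Accept whatever audit interface version the dynamic linker offers. */
unsigned int la_version(unsigned int version) { return version; }

/* Called for each library search; returning NULL makes the linker skip it. */
char *la_objsearch(const char *name, uintptr_t *cookie, unsigned int flag)
{
    (void)cookie; (void)flag;
    return (char *)vaccine_filter(name, getenv("LD_PRELOAD"), read_allow_file());
}
```

Matching in this sketch is by exact string, so an allow-file entry has to be written the same way the preload is named in LD_PRELOAD.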

Documentation

Disclaimer

Like a real vaccine, this is not 100% effective against all types of preload attacks. Preloads can still be defined via command-line arguments to the dynamic linker and will take effect. And just like a vaccine, this is better than running around without protection!

In Action

libpreloadvaccine in action

Credits (Hall of Fame)

@zacbrown

About

Whitelisting LD_PRELOAD libraries using LD_AUDIT
