Overriding shared library functions

Long story short...

The file 'connect.over' contains:

#include <netinet/in.h>

override(`connect', `
  {
    // code to inject before the connect() call is actually made
  }
')

The output is 'connect.so', which overrides libc's connect function.

% LD_PRELOAD=./connect.so nc google.com 80
stream connect: fd=3 host=64.233.187.99:80
% LD_PRELOAD=./connect.so nc -u 129.21.60.9 53 
dgram connect: fd=3 host=129.21.60.9:53
% LD_PRELOAD=./connect.so ssh scorn           
stream connect: fd=3 host=129.21.60.26:22
stream connect: fd=4 host=109.112.47.115:12148
scorn(~) %

The output by nc was due to my function above outputting this.

The strange ssh connection on fd=4 above is seemingly due to ssh calling connect() on a tty? fstat says:

jls      ssh         3221    4 /dev        122 crw--w----   ttypd rw

Inode 122 on /dev is /dev/ttypd.
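
A hand-written hook that produces the same log lines, given here as an added example: it is not the C that the m4 script generates (the page does not show that), and `describe_connect` is a name made up for it. It uses the usual dlsym(RTLD_NEXT, ...) interposition pattern and dispatches on sa_family, because the bytes of 109.112.47.115:12148 in the ssh trace read as ASCII "/t" and "mp/s", which is what a Unix-domain path starting "/tmp/s" looks like when it is read as a sockaddr_in.

```c
/* Added example, not the page's code. gcc -shared -fPIC -o connect.so connect.c -ldl */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <dlfcn.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#ifndef RTLD_NEXT               /* glibc hides it unless _GNU_SOURCE is set */
#define RTLD_NEXT ((void *)-1L)
#endif
typedef int (*connect_fn)(int, const struct sockaddr *, socklen_t);

/* Format one log line, dispatching on sa_family rather than assuming IPv4. */
int describe_connect(int fd, int type, const struct sockaddr *sa,
                     socklen_t len, char *out, size_t outlen)
{
    const char *kind = type == SOCK_STREAM ? "stream"
                     : type == SOCK_DGRAM  ? "dgram" : "other";
    if (sa->sa_family == AF_INET && len >= sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
        char host[INET_ADDRSTRLEN] = "?";
        inet_ntop(AF_INET, &in->sin_addr, host, sizeof host);
        return snprintf(out, outlen, "%s connect: fd=%d host=%s:%u",
                        kind, fd, host, (unsigned)ntohs(in->sin_port));
    }
    if (sa->sa_family == AF_UNIX) {          /* local socket: print the path */
        const struct sockaddr_un *un = (const struct sockaddr_un *)sa;
        int n = (int)len - (int)offsetof(struct sockaddr_un, sun_path);
        return snprintf(out, outlen, "%s connect: fd=%d unix=%.*s",
                        kind, fd, n > 0 ? n : 0, un->sun_path);
    }
    return snprintf(out, outlen, "%s connect: fd=%d family=%d", kind, fd, sa->sa_family);
}

/* Same prototype as libc's connect(): log to stderr, then call the real one. */
int connect(int fd, const struct sockaddr *sa, socklen_t len)
{
    static connect_fn real_connect;
    int type = 0;
    socklen_t tlen = sizeof type;
    char line[256];
    if (!real_connect) real_connect = (connect_fn)dlsym(RTLD_NEXT, "connect");
    if (sa && getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &tlen) == 0
           && describe_connect(fd, type, sa, len, line, sizeof line) > 0)
        fprintf(stderr, "%s\n", line);
    return real_connect(fd, sa, len);
}
```

On glibc 2.34 and later the `-ldl` flag is accepted but no longer needed, since dlsym lives in libc itself.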

2 responses to 'Overriding shared library functions'


Robert Peaslee wrote at Tue Sep 4 11:47:35 2007...
This is an old trick, but cool nonetheless.

Any ideas on how to make replacement shared libs work by default for all users without root access? ;)

Jordan Sissel wrote at Tue Sep 4 13:22:45 2007...
Are you asking "How can I do <thing that requires root> as non-root?" ?

Yes, it's an old trick, but the good thing about my implementation is that it's trivial to inject functionality (it's an m4 script that generates C code, which gcc turns into a .so) rather than having to write it all yourself.

