LD_PRELOAD with setuid binary

I am trying to use LD_PRELOAD to preload a library with an application that has setuid permissions. Tried LD_PRELOAD at first, and it seemed like it was being ignored with the setuid binary, though it was working when I tried it with others like ls, dir etc.

From the documentation of LD_PRELOAD:

   LD_PRELOAD
          A whitespace-separated list of additional, user-specified, ELF shared
          libraries to be loaded before all others.  This can be used to
          selectively override functions in other shared libraries.  For set-
          user-ID/set-group-ID ELF binaries, only libraries in the standard
          search directories that are also set-user-ID will be loaded.

I tried to put the library in /usr/lib, /usr/local/lib, and /usr/lib64 with setuid permissions as per this documentation above, but it still doesn't seem to work. If I don't give LD_PRELOAD a path in the case where I have the library in the standard dirs with setuid, it cannot seem to find the library. If I give it the path, it does not do anything.

The setuid binary is a root permissions binary that runs in a non root user shell. Any thoughts? Not sure if I am missing a path, an environment variable, or I am misunderstanding the documentation above.

Edit: permissions as requested are:

Library:

-rwsr-sr-x 1 root root 72580 2012-02-10 07:51

App:

-rwsr-xr-x 1 root root 137517601 2012-02-10 

env | grep LD
LD_LIBRARY_PATH=/usr/lib (I added this manually myself, usually LD_LIBRARY_PATH is empty)
Mark Lobo asked Feb 10 '12 18:02


2 Answers

LD_PRELOAD cannot be used with setuid. This is a security feature in Linux. For reference check this article, which goes into detail on how to use LD_PRELOAD to substitute some library calls with custom code, using malloc as the example.

user1259893 answered Nov 16 '22 22:11


If you are using SELinux, this may be due to it. One of the ELF auxiliary vectors that glibc supports is AT_SECURE. This particular parameter (which is either 0 by default or 1) tells the ELF dynamic linker to unset various environment variables that are considered potentially harmful for your system. One of these is LD_PRELOAD. Normally, this environment sanitation is done when a setuid/setgid application is called (to prevent the obvious vulnerabilities). SELinux also extends this sanitation to any case where an application triggers a domain transition in SELinux (say sysadm_t to mozilla_t through a binary labelled moz, or whatever); SELinux sets the AT_SECURE flag for the loaded application (in the example, mozilla/firefox).

The noatsecure permission disables the environment sanitation activity for a particular transition. You can do this through the following allow statement (as it would apply on the example above):

allow sysadm_t mozilla_t:process { noatsecure };
Michael Foukarakis answered Nov 16 '22 23:11
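As an added example (not code from the question or from either answer), the program below shows the mechanism both answers describe: it reads AT_SECURE from the auxiliary vector with glibc's getauxval(), reports whether LD_PRELOAD and LD_LIBRARY_PATH survived ld.so's sanitation, and classifies each LD_PRELOAD entry the way the ld.so(8) text quoted in the question says a set-user-ID process will treat it (entries that name a path are dropped, bare names are only searched in the standard directories). It assumes Linux with glibc 2.16 or newer (for getauxval); the entry separator handling (whitespace, plus colons as newer glibc accepts) and the helper names are the example's own.

```c
/* Added example: inspect "secure execution" mode from inside a process.
 * Not code from the question or the answers. Assumes Linux + glibc >= 2.16. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <unistd.h>

/* 1 if the kernel passed AT_SECURE=1 (set-user-ID / set-group-ID binary,
 * file capabilities, or an LSM such as SELinux requesting it), else 0. */
int in_secure_execution(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* How ld.so treats one LD_PRELOAD entry, per the ld.so(8) text quoted in
 * the question: in secure mode, entries containing a '/' are ignored and
 * bare names are looked up only in the standard search directories. */
enum preload_fate { PRELOAD_LOADED, PRELOAD_STANDARD_DIRS_ONLY, PRELOAD_IGNORED };

enum preload_fate classify_preload_entry(const char *entry, int secure)
{
    if (!secure)
        return PRELOAD_LOADED;            /* ordinary process: any path works */
    if (strchr(entry, '/') != NULL)
        return PRELOAD_IGNORED;           /* explicit path: silently dropped */
    return PRELOAD_STANDARD_DIRS_ONLY;    /* bare name: /lib, /usr/lib, ... only */
}

/* Split an LD_PRELOAD value (whitespace- or colon-separated; assumption of
 * this example) and count the entries ld.so would still try to load. */
int count_surviving_preloads(const char *ld_preload, int secure)
{
    char *copy = strdup(ld_preload);
    int survivors = 0;
    for (char *tok = strtok(copy, " \t\n:"); tok != NULL; tok = strtok(NULL, " \t\n:"))
        if (classify_preload_entry(tok, secure) != PRELOAD_IGNORED)
            survivors++;
    free(copy);
    return survivors;
}

int main(void)
{
    int secure = in_secure_execution();
    printf("AT_SECURE        = %d\n", secure);
    printf("uid/euid         = %u/%u\n", (unsigned)getuid(), (unsigned)geteuid());

    /* In secure mode glibc removes these from the environment before main()
     * runs, so they read as unset even if the caller exported them. */
    const char *vars[] = { "LD_PRELOAD", "LD_LIBRARY_PATH" };
    for (size_t i = 0; i < sizeof vars / sizeof vars[0]; i++) {
        const char *v = getenv(vars[i]);
        printf("%-16s = %s\n", vars[i], v ? v : "(unset: never set, or removed by ld.so)");
    }

    /* Constructed sample value: one path entry, one bare name, one path entry. */
    const char *sample = "/home/user/a.so libb.so:/opt/c.so";
    printf("sample LD_PRELOAD entries that would load: %d (normal) / %d (secure)\n",
           count_surviving_preloads(sample, 0), count_surviving_preloads(sample, 1));
    return 0;
}
```

Build it with `gcc -o atsecure-check atsecure-check.c` and run it once as a normal user: AT_SECURE is 0 and any exported LD_PRELOAD is printed back. Then have root copy it somewhere and `chmod u+s` it, and run that copy as an unprivileged user with LD_PRELOAD exported: AT_SECURE reads 1 and both variables show as unset, which is exactly the behaviour the asker saw with the setuid application. Under SELinux, the same flip happens on a domain transition unless the policy grants the `noatsecure` permission the second answer mentions.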