Would you prefer to watch this as a video instead? See the video I made on Linux sudo LD_PRELOAD privilege escalation!
Background Information
Shared Libraries
Shared libraries are a way that multiple programs can utilize the same set of code. This is extremely important so that each program does not need to re-invent the wheel by making custom functions for every single task they need to complete. Before a program is executed, shared libraries can be loaded into memory. One way of specifying shared libraries to load is by adding them to the LD_PRELOAD environment variable. Files added to LD_PRELOAD will be put into memory and potentially executed prior to the execution of the actual program that was invoked.
/etc/sudoers Environment Variables
By default, only specific environment variables are left unchanged while invoking a command through sudo. These include TERM, PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME, and SUDO_* variables as noted in the sudoers manual. This is due to the env_reset setting being enabled by default.
In order to preserve additional environment variables through sudo calls, variables can be added to env_keep. All variables that are included in env_keep will remain unchanged. If the LD_PRELOAD environment variable is added to env_keep then a user can specify shared libraries to load before the program is executed through sudo. This is…
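To check a host for the setting described above, the following added example (not code from the original post) parses sudoers text and reports every Defaults scope where LD_PRELOAD would survive a sudo call, either through env_keep or because env_reset is turned off. The function name audit_sudoers and the sample policy are assumptions made for illustration.

```python
import fnmatch
import re

# Constructed sample sudoers content (not from a real host).
SAMPLE = """\
Defaults env_reset
Defaults env_keep += "LANG LD_PRELOAD"
Defaults:deploy env_keep += "LD_*"
Defaults:backup env_keep += "LD_PRELOAD"
Defaults:backup env_keep -= "LD_PRELOAD"
Defaults@build !env_reset
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart app
"""

DEFAULTS = re.compile(r"^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<body>.*)$")
ENV_KEEP = re.compile(r'env_keep\s*(?P<op>\+=|-=|=)\s*(?P<val>"[^"]*"|[^\s,]+)')

def audit_sudoers(text, var="LD_PRELOAD"):
    """Return (scope, finding) pairs for settings that let `var` survive sudo.

    Simplification: each Defaults scope is tracked on its own; real sudo
    layers scoped Defaults on top of the global ones.
    """
    kept = {}       # scope -> env_keep patterns currently in effect
    findings = []
    # Join backslash-continued lines before parsing.
    for line in re.sub(r"\\\n", "", text).splitlines():
        m = DEFAULTS.match(line.strip())
        if not m:
            continue  # comments, rules, aliases, includes
        scope, body = m.group("scope") or "global", m.group("body")
        if re.search(r"(^|[\s,])!env_reset\b", body):
            findings.append((scope, "env_reset disabled"))
        for e in ENV_KEEP.finditer(body):
            # Entries may be NAME or NAME=value; only the name matters here.
            names = {v.split("=", 1)[0] for v in e.group("val").strip('"').split()}
            cur = kept.setdefault(scope, set())
            if e.group("op") == "=":
                cur.clear()
            if e.group("op") == "-=":
                cur -= names
            else:
                cur |= names
    for scope, pats in kept.items():
        for p in sorted(pats):
            if fnmatch.fnmatchcase(var, p):  # env_keep entries may use '*'
                findings.append((scope, f"env_keep preserves {var} via '{p}'"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_sudoers(SAMPLE):
        print(f"{scope}: {finding}")
```

The function does not follow include directives, so the contents of /etc/sudoers and of each file it includes need to be passed in separately.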