[MacOS] DYLIB Injection through "DYLD_INSERT_LIBRARIES" env variable #2017
Comments
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Introduction
Sysdig is vulnerable to DYLIB injection through the DYLD_INSERT_LIBRARIES environment variable. When running the sysdig tool, it loads the libraries in the DYLD_INSERT_LIBRARIES environment variable automatically and without verifying whether the signature is the same as the tool's or not. This leads to a malicious DYLIB being injected by the tool and acting on behalf of it.

Steps to Reproduce
sysdig normally it will run as it should, but if we create a DYLIB and point to it using the DYLD_INSERT_LIBRARIES environment variable, it will load it automatically without any verification.

Test DYLIB Code
Compile the code using gcc normally:

Cc: @mhzcyber
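
For triage of the behaviour reported above, a maintainer or defender can check statically whether a build opts out of DYLD_INSERT_LIBRARIES. The following is an added example, not code from the issue or from the sysdig project: it reads a thin 64-bit Mach-O and reports the markers that make dyld ignore DYLD_* variables (a `__RESTRICT,__restrict` section, or the hardened-runtime or restrict code-signing flags) plus library validation. The function names and the `constructed_macho` sample builder are hypothetical.

```python
import struct

LC_SEGMENT_64, LC_CODE_SIGNATURE = 0x19, 0x1D
CS_RESTRICT, CS_REQUIRE_LV, CS_RUNTIME = 0x800, 0x2000, 0x10000

def cd_flags(data, off):
    """Flags of the CodeDirectory in the embedded signature SuperBlob (big-endian)."""
    magic, _length, count = struct.unpack_from(">III", data, off)
    if magic != 0xFADE0CC0:                       # CSMAGIC_EMBEDDED_SIGNATURE
        return 0
    for i in range(count):
        _slot, blob = struct.unpack_from(">II", data, off + 12 + 8 * i)
        if struct.unpack_from(">I", data, off + blob)[0] == 0xFADE0C02:  # CodeDirectory
            return struct.unpack_from(">I", data, off + blob + 12)[0]
    return 0

def dyld_env_posture(data):
    """Static hints on whether dyld would ignore DYLD_INSERT_LIBRARIES for this binary."""
    magic, ncmds = struct.unpack_from("<I12xI", data, 0)
    if magic != 0xFEEDFACF:                       # MH_MAGIC_64
        raise ValueError("expected a thin little-endian 64-bit Mach-O")
    off, restrict, flags = 32, False, 0
    for _ in range(ncmds):                        # walk the load commands
        cmd, size = struct.unpack_from("<II", data, off)
        if cmd == LC_SEGMENT_64 and data[off + 8:off + 24].rstrip(b"\0") == b"__RESTRICT":
            nsects = struct.unpack_from("<I", data, off + 64)[0]
            restrict |= any(data[s:s + 16].rstrip(b"\0") == b"__restrict"
                            for s in range(off + 72, off + 72 + 80 * nsects, 80))
        elif cmd == LC_CODE_SIGNATURE:
            flags = cd_flags(data, struct.unpack_from("<I", data, off + 8)[0])
        off += size
    return {"restrict_section": restrict,
            "hardened_runtime": bool(flags & CS_RUNTIME),
            "library_validation": bool(flags & CS_REQUIRE_LV),
            "dyld_vars_ignored": restrict or bool(flags & (CS_RUNTIME | CS_RESTRICT))}

def constructed_macho(cs_flags=None, restrict=False):
    """Constructed sample input: a minimal synthetic Mach-O, not a real binary."""
    cmds = b""
    if restrict:
        cmds += struct.pack("<II16s40xI4x", LC_SEGMENT_64, 152, b"__RESTRICT", 1)
        cmds += struct.pack("<16s64x", b"__restrict")
    n, sig = int(restrict), b""
    if cs_flags is not None:                      # SuperBlob with one CodeDirectory
        sig = struct.pack(">9I", 0xFADE0CC0, 36, 1, 0, 20, 0xFADE0C02, 16, 0x20400, cs_flags)
        cmds += struct.pack("<IIII", LC_CODE_SIGNATURE, 16, 32 + len(cmds) + 16, len(sig))
        n += 1
    hdr = struct.pack("<8I", 0xFEEDFACF, 0x0100000C, 0, 2, n, len(cmds), 0, 0)
    return hdr + cmds + sig
```

This check does not read entitlements (a hardened-runtime binary can re-enable DYLD variables with `com.apple.security.cs.allow-dyld-environment-variables`) and does not handle fat binaries or setuid bits, so treat the result as a first-pass hint.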