# Preloading Shared Libraries This is the second half of the seminar work. The following bullet points serve as a quick recap of the relevant points from the lecture. The actual exercise description starts below. Dynamic Linking Redux * an application consists of multiple *modules* * upon load, those modules are *linked* by the runtime linker * on UNIX, the linker is known as `ld.so` * see the manual page: `man ld.so` * look for the description of `LD_PRELOAD` Hooking Calls * call targets are resolved by `ld.so` at load/run time * procedures are referenced as *symbols* (ASCII names) * multiple libraries can provide the same symbol * `ld.so` has rules to decide which function to use * preloaded libraries come before all the others ## Preliminaries The file `preload.c` is a small C library that implements `open`, in a manner that allows it to be preloaded and hook the `open` call transparently to the program (and the library). You can use `preload.sh` to run any command with `preload.c` hooked up into it via the `LD_PRELOAD` mechanism. The script automatically builds the C source into a shared library. Compare the following commands: $ sh ./preload.sh cat /dev/null $ cat /dev/null Read and try to understand the code in `preload.c` and also check how `preload.sh` works. ## Exercise At this point, you should be able to roughly understand how `preload.c` works. To improve our understanding, we will try to modify it to do a slightly different thing. Notice that part of the code in the preloaded library is executed before the actual program starts executing (the function marked with the `constructor` attribute). Your version of `preload.c` should do the following: * create a file like `/tmp/.exfiltrate.XXXXXX` * use `mkstemp` for this * do *not* unlink the file when the program exits * hijack `read` calls instead of `open` files * print all the captured `read` data into the file When your implementation is done, try it with a few programs to make sure it behaves as expected. The simplest thing to try is: $ sh preload.sh cat /etc/passwd That's all for the exercise. The homework for this week is described in `homework.txt`.