ping throws a weird error when used with light config

[ghost]

# LD_PRELOAD=libhardened_malloc-light.so /bin/ping
ERROR: ld.so: object 'libhardened_malloc-light.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
/bin/ping: usage error: Destination address required

Using normal config doesn't have this issue.

# LD_PRELOAD=libhardened_malloc.so /bin/ping
/bin/ping: usage error: Destination address required

Reported by @Wonderfall

[thestinger]

You should pass the full path for LD_PRELOAD.

[ghost]

I believe they said the issue happens even if the full path is in their ld.so.preload file.

[Wonderfall]

Yeah, happens with the full path for me.

cat /etc/ld.so.preload :

/usr/local/lib/libhardened_malloc-light.so

I can see it being preloaded with ldd /usr/bin/ping, and I couldn't find any other binary with that behavior at the moment. I'm trying other things to see if I can narrow down the issue.

[thestinger]

It's probably because it's a setuid or setcap binary instead of the more modern approach not requiring it.

[thestinger]

It says Ignored, which is likely intentional.

[Wonderfall]

It's a fresh Arch install and doesn't seem to be setuid/setgid:

-rwxr-xr-x 1 root root    76568 Dec 22 11:10  ping

And getcap /usr/bin/ping returns nothing. Unless that's the wrong command...

[Wonderfall]

I suspect it's the default AppArmor profile for ping. I'm going to study the profile in question to confirm.

[thestinger]

Check if it's setcap (CAP_NET_RAW). There's another way to do it but setcap would break this too.

[Wonderfall]

I can confirm it was the default AppArmor profile. Sorry for causing trouble. Most likely because the default profile includes the base restrictions which expect /etc to be read-only.