Closed Zeyad-Azima closed 3 weeks ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Introduction

Sysdig is vulnerable to DYLIB injection through the DYLD_INSERT_LIBRARIES environment variable. When running the sysdig tool, it loads the libraries in the DYLD_INSERT_LIBRARIES environment variable automatically and without verifying whether the signature is the same as the tool's or not. This leads to a malicious DYLIB being injected by the tool and acting on its behalf.

Steps to Reproduce

sysdig normally, it will run as it should, but if we create a DYLIB and point to it using the DYLD_INSERT_LIBRARIES environment variable, it will load it automatically without any verification.

Test DYLIB Code

Compile the code using gcc normally:

Cc: @mhzcyber
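
A defender-side check for the condition this issue describes, added here as an example and not part of the original issue or the sysdig project: it reads captured codesign -dv output plus an entitlements plist and reports whether dyld would honour DYLD_INSERT_LIBRARIES and whether library validation would reject a foreign dylib. The function name audit and the sample outputs are constructed for illustration.

```python
import plistlib
import re

# Code-signing flag bits as printed by `codesign -dv` (values from XNU cs_blobs.h).
CS_RESTRICT, CS_REQUIRE_LV, CS_RUNTIME = 0x0800, 0x2000, 0x10000
ALLOW_DYLD = "com.apple.security.cs.allow-dyld-environment-variables"
DISABLE_LV = "com.apple.security.cs.disable-library-validation"


def audit(codesign_dv: str, entitlements_plist: bytes = b"") -> dict:
    """Judge DYLD_INSERT_LIBRARIES exposure from captured codesign output.

    Simplification: setuid/setgid bits and a __RESTRICT segment also make
    dyld drop DYLD_* variables; they are not visible here and are ignored.
    """
    m = re.search(r"\bflags=0x([0-9a-fA-F]+)", codesign_dv)
    flags = int(m.group(1), 16) if m else 0  # unsigned binary: no flags field
    raw = entitlements_plist.strip()
    ents = plistlib.loads(raw) if raw else {}
    hardened = bool(flags & CS_RUNTIME)
    # dyld ignores DYLD_* for restricted or hardened processes, unless the
    # hardened binary opts back in through an entitlement.
    env_honoured = not (flags & CS_RESTRICT) and not (hardened and not ents.get(ALLOW_DYLD))
    # Library validation rejects dylibs not signed by Apple or the same team.
    lv_enforced = bool(flags & CS_REQUIRE_LV) or (hardened and not ents.get(DISABLE_LV))
    return {"hardened_runtime": hardened, "env_honoured": env_honoured,
            "library_validation": lv_enforced,
            "injectable": env_honoured and not lv_enforced}


# Constructed samples of `codesign -dv` output, not taken from a real sysdig build.
ADHOC = ("Identifier=sysdig\nCodeDirectory v=20400 size=512 "
         "flags=0x20002(adhoc,linker-signed) hashes=13+0 location=embedded\n")
HARDENED = ("Identifier=sysdig\nCodeDirectory v=20500 size=512 "
            "flags=0x10000(runtime) hashes=13+2 location=embedded\n")
# Constructed entitlements that undo both hardened-runtime protections.
OPT_OUT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for name, args in [("ad hoc", (ADHOC,)), ("hardened", (HARDENED,)),
                       ("hardened + opt-outs", (HARDENED, OPT_OUT))]:
        print(name, audit(*args))
```

On a real system, the inputs would be the stderr of codesign -dv on the binary and the plist printed by codesign -d --entitlements.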