Running the following script as ANY user gains root priviledges on the local machine: cat > a.c << EOF #include <sys/types.h> uid_t getuid() { return 0; } uid_t getgid() { return 0; } uid_t geteuid() { return 0; } uid_t getegid() { return 0; } EOF gcc -c a.c ld -shared -o a.so a.o export LD_PRELOAD=`pwd`/a.so sleep 5 echo "......Got shell!" /bin/bash -i rm -rf a.so a.c a.o The accessibility of LD_PRELOAD must be limited as a temporary patch to solve this security issue.
Sorry, this isn't really a vulnerability. Got pranked.
Reopening bug so it can be marked as invalid
closing now